In HTC’s latest lineup of handsets, a group that includes the EVO 3D and Thunderbolt, a security flaw is making users personal data vulnerable. Everything from email to SMS data is susceptible to an oversight that allows any app with access to android.permission.INTERNET go access data stored on the device by a set of logging tools deployed on HTC’s phones. HTC hasn’t issued a fix for the problem, which was uncovered by Android Police, but is looking into the claims.
As the tools used to log data such as accounts, email addresses, and location are built directly into HTC Sense, the only way to avoid the security loophole at the current time is by doing away with the custom interface via rooting. For a more in depth explanation of why you should or should not be concerned, head over to the source link below.
[via AndroidPolice]
So this is only for the 3D and Thunderbolt ? Phew, funny how most articles i’ve seen about it never mentioned anything like that, and were saying ALL HTC phones were affected.
Edit: I guess Android Police says ‘other’ phones are affected aswell. It would be nice to have an exact list but my guess is we’ll have to wait for HTC for that.
Doubt my good old Desire is affected anyhow, haven’t got updates for awhile..
The AndroidPolice article was pretty clear on the offending app HtcLoggers.apk. If your HTC phone has this file (/system/app/HtcLoggers.apk) it’s likely affected by this vulnerability.
have just located this file on my rooted sensation running Pyramid3D rom and froozen it. fingers crossed!
Probably why there are posts that all HTC updates have been halted…
Quis custodiet ipsos custodes?
Glad my TBolt is rooted with virus rom. Unfortunately, and unfairly, competitors (Microsoft, Apple, etc) are going tho use this huge HTC mistake to make all of android look bad.
Another reason to stay away from HTC android phone! This is even worse than poor battery and weak reception.
Nothing can be worse than htc’s battery life….
I don’t know what you are talking about weak reception? Are you kidding me go troll somewhere else. The Nexus S 4g had the worst reception out of all the phone before the patch.
I am callong htc on gmail for an update!
Quickly.
The HTCLogger.apk file was on my HTC Evo 4G phone. I have now manually removed it with Root Explorer. Thanks to Android Police! I’m suprised HTC would do this.
And people are worried about rooting causing damage and root helps us solve problems before a official fix hits. CM7 on Thundrbolt FTW
Android Police did not first report this, it was an XDA developer. Android Police ripped off XDA and didnt give credit to the person who actually did the work.