Massive Security Flaw in HTC Android Devices Exposes Personal Information

October 3rd, 2011 Omar Khan | Print this Article


The most recent discovery by Trevor Eckhart left the smartphone industry in a complete state of shock. Several HTC devices including the EVO 3D, EVO 4G, Thunderbolt and maybe other devices are susceptible to a security flaw that exposes users private data according to a report by Android Police.

HTC has added a suite of logging tools to its devices that gathers personal data which would be fine under any other circumstances except when the data is not secured and can be accessed by any app that requests “android.permission.INTERNET” permission. The app can access data like e-mail, text messages, GPS information, phone numbers and phone logs and system logs. According to the report, any app using only the INTERNET permission can at the very least gain access to the following:

 

ACCESS_COARSE_LOCATION - Allows an app to access WiFi, Cell ID locations

ACCESS_FINE_LOCATION - Allows an app to access GPS location

ACCESS_LOCATION_EXTRA_COMMANDS – Allows an app to access extra location provider commands

ACCESS_WIFI_STATE – Allows an app to access WiFi network information

BATTERY_STATS – Allows an app to collect battery statistics

DUMP – Allows an app to access dump information from system services

GET_ACCOUNTS – Allows an app to access the list of accounts

GET_TASKS – Allows an app to get a list of tasks currently running or had previously been running

READ_LOGS – Allows an app to read low-level system logs

READ_SYNC_SETTINGS – Allows an app to read sync settings

READ_SYNC_STATS – Allows an app to read sync stats

Prevention is better than cure.

The only way to be safe from this vulnerability is either by rooting the phone or installing an update from HTC. If you’ve rooted your phone already and are running a different ROM like CyanogenMod, you’re safe from this evil. This only seems to have effected stock Sense firmware.

For all those using the latest HTC models like the Sensation, EVO 3D, EVO 4G / Shift etc., this is off real concern till HTC comes out with a patch. DO NOT download suspicious applications untill this issue is resolved.

 

Related content:

  1. HTC Evo 4G gets Gingerbread
  2. Gingerbread headed to HTC Droid Incredible 2
  3. Useful Android Tips & Tricks
  4. Android App of the Week: K9-Mail
  5. Android App of the week: Cam Scanner
  6. The Multimedia Superhero!
  7. Google Wallet Introduction Video
  8. iPhone 4 – What’s in store?





Posted in Android, Mobile Tags: , , , ,
«
»
You can leave a response, or trackback from your own site.
Dreamhost