HTC leaking users’ private information
Recently, a major security flaw was found in the HTC EVO 3D, EVO 4G, and Thunderbolt by researchers who say private information was being logged without phone users opting in, by exposing a user’s data to any app that can access the web. “If you, as a company, plant these information collectors on a device, you better be damn sure the information they collect is secured and only available to privileged services or the user, after opting in,” one of the researchers, Artem Russakouskii, wrote at the Android Police site. They say their research proves that this is not the case with HTC.
Since releasing their research, HTC has acknowledged a vulnerability of security in select phones but has the tech world enraged as they shrug off responsibility for the vulnerability. HTC’s statement today says, “In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers’ data, there is a vulnerability that could potentially be exploited by a malicious third-party application.”
HTC avoids blame
HTC blames third party malware apps for the vulnerability and that they are “acting in violation of civil and criminal laws,” but makes no mention of their role in creating the vulnerability not found in competitive devices.
HTC said it is “working very diligently to quickly release a security update that will resolve the issue on affected devices.” In the meantime, they simply tell customers to use caution when using apps. The only way to plug the leak, so to speak, is to root the device (aka jailbreaking it) which voids the warranty, a move we do not recommend. Customers are in a tricky spot while they wait for a security patch that HTC is working on but has not announced a release date.
