If you own a HTC smartphone, as I do, then you may be concerned to learn of what is described by Android Police as a “massive vulnerability”.
The security vulnerability in question apparently gives a whole lot of access to any application that has internet access. The most notable areas of private data that could be compromised include:
- list of user accounts including email addresses
- email addresses
- stored phone numbers
- text message data including both the phone numbers and the encoded text
- GPS locations, both current and stored
Other information could also be accessible too:
- network information such as IP addresses
- system information including build number, CPU information, bootloader information, list of installed application, running processes and battery details.
Scary stuff huh?
How did the vulnerability come about?
According to Justin Case, Trevor Eckhart and Artem Russakovskii from Android Police the issue stems from recent updates by HTC which introduced logging tools designed to collect information from their line of smartphones for whatever reason. On the face of things this may just seem, at worst, sinister but the guys claim it is worse than that as the above info will potentially become available to:
…any app on affected devices that requests a single android.permission.INTERNET…
Open Source dangers
There are many arguments to be made both for and against open source software. On the one hand, open source allows for far greater creativity, collaborative effort and lower costs. But the vulnerability the Android Police team claims to have discovered goes to show the other side of the coin. I would imagine the average user is aware of the dangers of adding shady applications to their smartphone from unmentionable places around the dark corners of the internet but who would expect to pick up a possible vulnerability as part of a manufacturer’s update?
Now that Android Police have gone public we can only hope for a quick response from HTC. Until that time the only solution may involve rooting your phone which is not something I’m going to get into here as it is beyond the capabilities of the average user.
Head over to Android Police for more info on this.