Essential Security Information For HTC Android Users

If you own a HTC smartphone, as I do, then you may be concerned to learn of what is described by Android Police as a “massive vulnerability”.

The security vulnerability in question apparently gives a whole lot of access to any application that has internet access. The most notable areas of private data that could be compromised include:

  • list of user accounts including email addresses
  • email addresses
  • stored phone numbers
  • text message data including both the phone numbers and the encoded text
  • GPS locations, both current and stored

Other information could also be accessible too:

  • network information such as IP addresses
  • system information including build number, CPU information, bootloader information, list of installed application, running processes and battery details.

Scary stuff huh?

How did the vulnerability come about?

According to Justin Case, Trevor Eckhart and Artem Russakovskii from Android Police the issue stems from recent updates by HTC which introduced logging tools designed to collect information from their line of smartphones for whatever reason. On the face of things this may just seem, at worst, sinister but the guys claim it is worse than that as the above info will potentially become available to:

…any app on affected devices that requests a single android.permission.INTERNET…

Open Source dangers

There are many arguments to be made both for and against open source software.¬†On the one hand, open source allows for far greater creativity, collaborative effort and lower costs. But the vulnerability the Android Police team claims to have discovered goes to show the other side of the coin. I would imagine the average user is aware of the dangers of adding shady applications to their smartphone from unmentionable places around the dark corners of the internet but who would expect to pick up a possible vulnerability as part of a manufacturer’s update?

You need to a flashplayer enabled browser to view this YouTube video

Now that Android Police have gone public we can only hope for a quick response from HTC. Until that time the only solution may involve rooting your phone which is not something I’m going to get into here as it is beyond the capabilities of the average user.

Head over to Android Police for more info on this.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Trackbacks

  1. […] the problem. You must be aware that your phone not only has your music and your apps in it. It also has your personal data inside of it as well. So this means that you must be sure that you do not get caught with a malicious app in […]

  2. […] And since the phones are mostly on the internet these days, it is easier than ever for a black hat hacker to be able to gain access to the phone. All you have to do is to surf the web on the wrong web site and your phone is hooked into their […]

  3. […] on Monday I wrote about a “massive vulnerability” connected to HTC smart phones, as discovered by the Android Police. You can read that article to get some more detailed […]

  4. […] which link to malware are very much on the rise. In his example, if the QR code is scanned on an Android phone then it will redirect the user’s phone browser to a site where an app called jimm.apk will be […]

Speak Your Mind

*