HTC phones expose user data

Posted on Tuesday, October 4th 2011 at 12:04 p.m.

News surfaced over the weekend that HTC phones had a concerning security vulnerability that allowed applications with internet access to view private date on phones.  The Android blog Android Police uncovered the vulnerability and explained how users with rooted phones can remove the logging application by removing /system/app/HtcLoggers.apk.

HTC acknowledged the vulnerability and says that it will deliver an over-the-air patch to fix the hole.  In the meantime HTC recommends avoiding applications from publishers that you don’t trust.

I imagine HTCLoggers is some kind of debugging app that was used on the phone during development to test certain features of SenseUI.  It is unfortunate, however, that during the relase phase of a product, developers do not go back in and clean their power tools out of a system in order to prevent these risks.

comments powered by Disqus