Print 22 comment(s) - last by Aloonatic.. on Oct 4 at 12:35 PM

HTC Thunderbolt
Android Police uncovers some of HTC's dirty laundry

It's no secret that Android smartphones are starting to take over the market, as they are available from a number of different manufacturers, come in a number of different form factors, and can be had at multiple price points (ranging from high-value to high-dollar). When its comes to the most popular Android smartphones around, companies like Samsung, Motorola, and HTC often spring to mind.
Today, however, those using some of the latest HTC smartphones may be in for a rude awakening thanks to a massive security breach discovered by the folks at Android Police. According to Artem Russakovskii, devices like the EVO 3D, EVO 4G, and Thunderbolt (among others) can fully reveal private user information if any app requests android.permission.INTERNET.
Any app that calls out for the INTERNET permission has access to the following, reports Russakovskii:
  • the list of user accounts, including email addresses and sync status for each
  • last known network and GPS locations and a limited previous history of locations
  • phone numbers from the phone log
  • SMS data, including phone numbers and encoded text (not sure yet if it's possible to decode it, but very likely)
  • system logs (both kernel/dmesg and app/logcat), which includes everything your running apps do and is likely to include email addresses, phone numbers, and other private info
All of the information is stored thanks to new logging tools that HTC has introduced on its newer smartphones.
Russakovskii goes on to add, "I'd like to reiterate that the only reason the data is leaking left and right is because HTC set their snooping environment up this way. It's like leaving your keys under the mat and expecting nobody who finds them to unlock the door."
Android Police provides a full "proof of concept" app which you can download, along with a video of it in action which you can view below.

Updated 10/2/2011 @ 8:46pm EST
Engadget has posted the following response from HTC:
HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken.

Sources: Android Police, Gizmodo, Engadget

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Does this affect...
By Aloonatic on 10/4/2011 12:30:00 PM , Rating: 2
You fail to realise that that is exactly what I am saying that Google should move away from.

At the moment, the firmware update chain is too long.

Google > Manufacturer > Carrier > End User's Phone.

(With regional variations too, no doubt)

At any stage between Google and the End User someone can slow your update down, or block it completely.

Is this how Apple do it? Do they let every carrier tinker with iOS and decide where different models (assuming they are capable of running it) will even get an update at all?

I was saddened to see that MS allow carriers to tinker with their OS, but at least there is only 1 standard interface, rather than having HTC sense, Moto Blur, Samsung whatever...

Ms > Carrier > End User.

Ideally, it should simply be.

Google/MS > End user.

There are too many vested interests in between at the moment, although some might argue that that is what makes Android phones more afordable than iPhones.

In fact.. Ideally, I should be able to buy any phone and install any OS on it I want to buy (as there's no real reason why that shouldn't be relatively simple to get working work) but that's not going to happen.

"I f***ing cannot play Halo 2 multiplayer. I cannot do it." -- Bungie Technical Lead Chris Butcher

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki