Massive Security Vulnerability In HTC Android Devices

O

ocky

Well-Known Member
Joined
Apr 6, 2007
Messages
158
Massive Security Vulnerability In HTC Android Devices

In recent updates to some of its devices, HTC introduces a suite of logging tools that collected information. Lots of information. LOTS. Whatever the reason was, whether for better understanding problems on users' devices, easier remote analysis, corporate evilness - it doesn't matter. If you, as a company, plant these information collectors on a device, you better be DAMN sure the information they collect is secured and only available to privileged services or the user, after opting in.

That is not the case. What Trevor found is only the tip of the iceberg - we are all still digging deeper - but currently any app on affected devices that requests a single android.permission.INTERNET (which is normal for any app that connects to the web or shows ads) can get its hands on:
the list of user accounts, including email addresses and sync status for each
last known network and GPS locations and a limited previous history of locations
phone numbers from the phone log
SMS data, including phone numbers and encoded text (not sure yet if it's possible to decode it, but very likely)
system logs (both kernel/dmesg and app/logcat), which includes everything your running apps do and is likely to include email addresses, phone numbers, and other private info
Click to expand...
 
FNfal

FNfal

Executive Member
Joined
Jul 6, 2011
Messages
6,425
apple now HTC not good ...dont nead to load spy software on the phone to spy on it...HTC already loaded it
 
O

ocky

Well-Known Member
Joined
Apr 6, 2007
Messages
158
MyWorld said:
This should be in the Android section.
Click to expand...

Sorry. First time I have visited here since the changes to the forum user interface. My profile is gone except edit signature, so I suppose all my images are also wiped.
Maybe I don't know how to use the new forum. Well so be it, if it's that user unfriendly I am out of here.

Edit:- Apologies - it was Opera that didn't play ball. Fine with Firefox. :cool:

Masked browser id as Firefox and it's also fine with Opera.
 
Last edited:
You must log in or register to reply here.
Top