HTC Investigating Report Its Android Devices Are Susceptible to Privacy Breach
Taiwanese cellphone maker HTC said today it is investigating a claim that its devices can leak all kinds of information to Android apps that are granted even modest permissions.
A report from Android Police (that’s a Web site, not an actual Google police force) says that any app that is given basic Internet access permission can also get access to everything from a user’s GPS location to his or her phone calls, system logs and other information.
“HTC takes our customers’ security very seriously, and we are working to investigate this claim as quickly as possible,” the company said in a statement to AllThingsD. “We will provide an update as soon as we’re able to determine the accuracy of the claim and what steps, if any, need to be taken.”
According to Android Police, the issue affects devices running HTC’s Sense overlay, potentially including the EVO 4G, EVO 3D, Thunderbolt, MyTouch 4G Slide and possibly other devices.
Update, 3:15 p.m.: Asked what they make of the matter, Lookout Mobile Security, which specializes in Android-related security software, said that “it would appear that a few HTC phones contain a logging mechanism that exposes sensitive user data to an app that requests only permission to access the Internet.”
“HTC is aware of the issue but has not announced how or when they intend to address it,” Lookout told AllThingsD. “While software and hardware developers strive to create products that are proven to be resilient—vulnerabilities can still exist. This is another reminder that our phones are computers too, and as we build apps, create custom firmware or make changes to the OS – everyone in the mobile ecosystem needs to take the proper precautions to confirm information accessed on these devices is used and stored securely.”