HTC 'investigating' security flaw uncovered by blogger

The HTC EVO 3D The flaw is believed to affect several models, including the EVO 3D released earlier this year

Related Stories

HTC is investigating claims that a security flaw in several of its mobile phones means personal information is being exposed.

The Android Police blog says a file containing a user's GPS location and email addresses can be easily accessed once internet permissions are granted.

Several models are said to be affected, including EVO 3D, EVO 4G, Thunderbolt and potentially the Sensation range.

HTC said it is looking into the claims "as quickly as possible".

"HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible," the company said in a statement.

"We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken."

Systems administrator Trevor Eckhart produced a proof of concept app designed to show off the vulnerability.

By simply asking a user's permission to access the internet - a request popular with games apps seeking to post scores online - the app was able to access a file named "HtcLoggers.apk".

Start Quote

It's like leaving your keys under the mat and expecting nobody who finds them to unlock the door”

End Quote Artem Russakovskii Android Police blog

The file contained several key pieces of personal information, including:

  • The list of user accounts, including email addresses
  • A log of recent GPS locations
  • Phone numbers taken from recent call logs
  • SMS data, including recent numbers and encoded messages

The Android Police blog described the risk as "like leaving your keys under the mat and expecting nobody who finds them to unlock the door".

Rik Ferguson, director of security research and communications at Trend Micro, believes the risk should be an easy one to solve.

"It sounds like something very simple to patch," he told the BBC.

"They didn't anticipate that kind of information would be of interest. It's a lack of foresight rather than lax programming, I think. It should be something relatively easy to fix."

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features

  • Witley Court in Worcestershire Abandoned mansions

    What happened to England's lost stately homes?


  • Tray of beer being carried10 Things

    Beer is less likely to slosh than coffee, and other nuggets


  • Spoon and buckwheatSoul food

    The grain that tells you a lot about Russia's state of mind


  • Woman readingWeekendish

    The best reads you need to catch up on


  • Salim Rashid SuriThe Singing Sailor

    The young Omani who became a pre-war fusion music hit


BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.