HTC 'investigating' security flaw uncovered by blogger

The HTC EVO 3D The flaw is believed to affect several models, including the EVO 3D released earlier this year

Related Stories

HTC is investigating claims that a security flaw in several of its mobile phones means personal information is being exposed.

The Android Police blog says a file containing a user's GPS location and email addresses can be easily accessed once internet permissions are granted.

Several models are said to be affected, including EVO 3D, EVO 4G, Thunderbolt and potentially the Sensation range.

HTC said it is looking into the claims "as quickly as possible".

"HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible," the company said in a statement.

"We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken."

Systems administrator Trevor Eckhart produced a proof of concept app designed to show off the vulnerability.

By simply asking a user's permission to access the internet - a request popular with games apps seeking to post scores online - the app was able to access a file named "HtcLoggers.apk".

Start Quote

It's like leaving your keys under the mat and expecting nobody who finds them to unlock the door”

End Quote Artem Russakovskii Android Police blog

The file contained several key pieces of personal information, including:

  • The list of user accounts, including email addresses
  • A log of recent GPS locations
  • Phone numbers taken from recent call logs
  • SMS data, including recent numbers and encoded messages

The Android Police blog described the risk as "like leaving your keys under the mat and expecting nobody who finds them to unlock the door".

Rik Ferguson, director of security research and communications at Trend Micro, believes the risk should be an easy one to solve.

"It sounds like something very simple to patch," he told the BBC.

"They didn't anticipate that kind of information would be of interest. It's a lack of foresight rather than lax programming, I think. It should be something relatively easy to fix."

More on This Story

Related Stories

The BBC is not responsible for the content of external Internet sites

More Technology stories

RSS

Features

  • The OfficeIn pictures

    Fifty landmark shows from 50 years of BBC Two


  • French luxury Tea House, Mariage Freres display of tea pots Tea for tu

    France falls back in love with tea - but don't expect a British cuppa


  • Worcestershire flagFlying the flag

    Preserving the identities of England's counties


  • Female model's bottom in leopard skin trousers as she walks up the catwalkBum deal

    Why budget buttock ops can be bad for your health


  • Two women in  JohanesburgYour pictures

    Readers' photos on the theme of South Africa


BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.