According to Android Police, some HTC Android phones may contain massive security flaws – and one is so bad that it left some researchers “speechless.” That’s no bueno, HTC.
The security holes leave quite a bit at stake. The report states that any app connecting to the internet can gain access to email addresses, system logs and personal information on your phone.
It’s not clear how many devices the problem affects: the Evo 3D, EVO 4G, and Thunderbolt all have the problem, but so may the “Evo Shift 4G, the MyTouch 4G Slide, the upcoming Vigor, some Sensations” and other possible units, according to the report.
It basically leaves a lot of information available to the apps, including:
- the list of user accounts, including email addresses and sync status for each
- last known network and GPS locations and a limited previous history of locations
- phone numbers from the phone log
- SMS data, including phone numbers and encoded text (not sure yet if it’s possible to decode it, but very likely)
- system logs (both kernel/dmesg and app/logcat), which includes everything your running apps do and is likely to include email addresses, phone numbers, and other private info
Unfortunately, it seems the more that the guys at Android Police seem to dig in, the more they find. It’s anyone’s guess how far the extent of the problem goes, though HTC has not yet commented on the situation.
The only way to fix the flaws is to wait for a fix from HTC, the manufacturer, or to jailbreak your phone and attempt to remove it yourself (we don’t really recommend doing that, unless you know what you’re doing).
[via Android Police]