Over the weekend a security issue was discovered in several HTC Android devices, such as the Sensation and EVO 3D, that allowed potential malicious apps that required internet permissions to gain access to HTC’s HtcLoggers service and collect user information – email accounts, SMS data and numbers, phone logs and GPS location data. HTC quickly addressed the claim and promised to resolve the issue. In a statement today the company admitted there is a security issue that could potential be a risk, but “So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability”.
To make good, HTC said they are working to release a security update over-the-air (OTA), which they “urge all users to install the update promptly”. Unfortunately there’s no clear date on when the issue will be resolved.
HTC Public Statement
HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers’ data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.
HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly. During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.