HTC admits security vulnerability in various Android devices, OTA update coming soon

Ian Hardy

October 4, 2011 7:38am

Over the weekend a security issue was discovered in several HTC Android devices, such as the Sensation and EVO 3D, that allowed potential malicious apps that required internet permissions to gain access to HTC’s HtcLoggers service and collect user information – email accounts, SMS data and numbers, phone logs and GPS location data. HTC quickly addressed the claim and promised to resolve the issue. In a statement today the company admitted there is a security issue that could potential be a risk, but “So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability”.

To make good, HTC said they are working to release a security update over-the-air (OTA), which they “urge all users to install the update promptly”. Unfortunately there’s no clear date on when the issue will be resolved.

HTC Public Statement

HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers’ data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.

HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly. During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.

Source: Engadget

  • im first

    At least HTC is willing to admit their mistakes and fix em.

    • Mark

      Not ‘Admit’ >>> Caught. And dragged in to light of day.

  • Mark

    Is it just me or is Samsung now winning the quality assurance/control battle? I wouldn’t have believed it a year ago, what with the gps fiasco and other issues that plagued their earlier android efforts. Now They’re probably making devices with the best specs, they won the google phone contract from HTC, and hired cyanogen. Meanwhile HTC is causing me to lose faith. I’m a raving HTC fanboy, but I’m really being swayed over to the dark side here.

  • blairm

    Good thing I rooted and git rid if the HTC bloat!

  • KidCanada

    Issue fix:

    Android: there’s an update for that coming soon.

    Apple: There’s an excuse for that.

    RIM: There’s in update for that…in a couple months.

    Sounds about right for all 😀

  • bc

    It will likely be many months before any of the Canadian Carriers provide any kind of

  • troll

    i rooted my htc and I couldn’t get much happier.
    still, can’t wait to see the iFun 4SS.

  • TeknoBug

    I like HTC, I’m glad they’re coming forward and willing to fix them, unlike many other companies out there *cough*Motorola. Meanwhile I’m glad I rooted my Desire and have Cyanogenmod on it.

    Keep a watch on XDA for the vanilla RUU since it takes for freaking ever for them to hit Canadian carriers, besides Telus takes out certain features on their’s.

  • Stuntman

    HTC is handling this all wrong. They are supposed to claim that all phones have security vulnerabilities like the SGS2 security lock issue, deny that it is a problem, say people are holding it wrong and then give customers free bumpers. They’re not supposed to flat out and admit that it is a problem and promise to fix it. 🙂

  • Derek

    Thanks goes to XDA for posting a story on this security vulnerability to get HTC’s attention, and to HTC for listening to their customers!