Free Newsletter

FEATURES >> The top 10 U.S. carriers in Q1 | CTIA 2012: Winners and losers

Related Topics >> HTC | Android | Mobile Security | Sense UI

HTC preps patch to fix Android device security vulnerability

October 5, 2011 — 10:11am ET | By Jason Ankeny

AndroidPolice.com and security researcher Trevor Eckhart reported days earlier that the most recent version of HTC's customized Sense UI contains a logging tools flaw giving installed apps access to a wealth of device, operating system and usage information, even if the consumer only granted the app access to the device's Internet capabilities for the purposes of uploading and downloading data. The data in question--including build number, network information, list of installed apps, user IDs and full memory info--could theoretically be sufficient to clone the device, the report states.

HTC said it is "working diligently" on a security update that will address the issue. "In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers' data, there is a vulnerability that could potentially be exploited by a malicious third-party application," HTC said in a statement. "Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it."

HTC goes on to state that hackers can only exploit the vulnerability via malicious apps already installed on an Android device running the Sense UI, and it cautions users only to download apps from trusted sources, especially until the company issues the patch. "So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability," HTC said.

For more:
- read this InformationWeek article