HTC’s Android phones contain massive data leak vulnerability

Security researches have found HTC includes a logging application in most of their latest Android phones which quietly collects user information in the background, and which then serves up the information to any application which asks who also has internet access.

The data collected by HTC Logger and which is available to any application with android.permission.INTERNET includes:

  • the list of user accounts, including email addresses and sync status for each
  • last known network and GPS locations and a limited previous history of locations
  • phone numbers from the phone log
  • SMS data, including phone numbers and encoded text (not sure yet if it’s possible to decode it, but very likely)
  • system logs (both kernel/dmesg and app/logcat), which includes everything your running apps do and is likely to include email addresses, phone numbers, and other private info

It is not clear what HTC intends to do with all the data, but the only way for users to prevent 3rd party apps from accessing the data is either to root their device or to flash a new ROM.

HTC has so far not responded to queries by the researchers.

Read more at AndroidPolice here.



About Author

Site Admin and Windows Phone enthusiast, he has been using Windows Mobile devices since before they were called PocketPC™s. He is currently sporting a Nokia Lumia 930.