HTC Android Devices Plagued With Major Security Vulnerability (video)October 3, 2011 No Comments
It’s not secret that Android is plagued with security flaws. Time and time again there is always a security threat to some if not all their handsets. This one particular one is not only a huge problem but it also only involves Android devices made by HTC.
HTC has added a new application inside their new Android device called HTC Logger. Not sure what HTC plans to do with all this information but really big issue here is that 3rd party applications can access these files simply by having permission to connect to the Internet.
Any app on affected devices that requests a single android.permission.INTERNET can get its hands on:
- the list of user accounts, including email addresses and sync status for each
- last known network and GPS locations and a limited previous history of locations
- phone numbers from the phone log
- SMS data, including phone numbers and encoded text (not sure yet if it’s possible to decode it, but very likely)
- system logs (both kernel/dmesg and app/logcat), which includes everything your running apps do and is likely to include email addresses, phone numbers, and other private info
This one may not be 100% blame on Android but the sad thing for Android users is that this is by far not the first security issue they face and certainly not the last.