HTC Sense Security Scare – Should you be worried?

So maybe you’ve heard that HTC has a bit of a security issue on its hands. Should you be worried? Let us take a moment to explain the situation and asses its severity to you.

Here’s the situation. When you initially set up a Sense enabled phone you’re presented with multiple preference choices. Specifically, your preference on HTC’s right to collect data from your device is the root of the problem, in this case. When you allow HTC to collect data, you give them the right to record things like what apps you use, where and how you use them, your account names, location, and call logs. It’s no secret that apps exist in the market that collect data such as this, but that’s just the problem. It’s no secret because those apps are required to express what permissions they require. In a somewhat similar fashion you voluntarily allow HTC those permissions when you check the box but they aren’t required to be explicitly expressed because Sense is essentially the operating system, rather than just an app. Alright, so despite how all that sounds, that isn’t the problem. The problem is that HTC has failed to sandbox their collected data meaning that currently the data is potentially accessible to other apps without them having to expressly declare permissions for collecting and using it.

Is it the end of the world? For most, probably not. Nevertheless, this was an irresponsible move on HTC’s part, even if it was unintentional. Hopefully they can redeem themselves some by fixing this issue quickly. As a reminder, the security issue only affects Sense ROMS with data collection enabled. So long as you didn’t allow HTC to collect data, then the issue doesn’t affect you. Also  if you are running a custom rom like CyanogenMod then the issue doesn’t affect you. If you have a rooted Sense ROM, you can patch the vulnerability by manually removing

/system/app/HtcLoggers.apk

Again, if you allow HTC data collection and stick to quality apps, this shouldn’t be much of an issue. It’s just disheartening to think some scuzzball developer may be using your location data without consent and sending it to some random server. Purchase reputable apps to help reduce the chance of that happening to you. Lastly, so as to maybe offer you a bit of relief, the data at risk does not include types such as SMS, IMs, or passwords.

We’re all still waiting for an official response from HTC on the matter.

[via androidcentral]


About the Author: Jim Farmer

Originally from Mathews Virginia, Jim is now residing in Newport News where he attends Christopher Newport University, majoring in Computer Science. He interns with NASA Langley by day, and scours the internet for Android News by night. In his free time, he enjoys stand-up paddle-boarding, pwning on XBOX Live, coding, or hanging out with his favorite gal in the world, Morgan. His hero is Dean Kamen, you know, aside from Andy Rubin, and as for politics he’s for Open Source, Net Neutrality, and Unlimited Data.


  • Curt

    Whoops……..

    Nice Job HTC….. way to protect your customers.

    I understand that this is not a really big security threat, but they should have sandboxed the data anyways. There is no reason to leave it out in the open.

  • http://citymanual.net/1-27-1419964887-Pirates_Prisoner.html Lucrecia Pannone

    that’s very interesting I see that this site is very elegant in design