So maybe you've heard that HTC has a bit of a security issue on its hands. Should you be worried? Let us take a moment to explain the situation and asses its severity to you.
Here's the situation. When you initially set up a Sense enabled phone you're presented with multiple preference choices. Specifically, your preference on HTC's right to collect data from your device is the root of the problem, in this case. When you allow HTC to collect data, you give them the right to record things like what apps you use, where and how you use them, your account names, location, and call logs. It's no secret that apps exist in the market that collect data such as this, but that's just the problem. It's no secret because those apps are required to express what permissions they require. In a somewhat similar fashion you voluntarily allow HTC those permissions when you check the box but they aren't required to be explicitly expressed because Sense is essentially the operating system, rather than just an app. Alright, so despite how all that sounds, that isn't the problem. The problem is that HTC has failed to sandbox their collected data meaning that currently the data is potentially accessible to other apps without them having to expressly declare permissions for collecting and using it.
Is it the end of the world? For most, probably not. Nevertheless, this was an irresponsible move on HTC's part, even if it was unintentional. Hopefully they can redeem themselves some by fixing this issue quickly. As a reminder, the security issue only affects Sense ROMS with data collection enabled. So long as you didn't allow HTC to collect data, then the issue doesn't affect you. Also if you are running a custom rom like CyanogenMod then the issue doesn't affect you. If you have a rooted Sense ROM, you can patch the vulnerability by manually removing
/system/app/HtcLoggers.apk
Again, if you allow HTC data collection and stick to quality apps, this shouldn't be much of an issue. It's just disheartening to think some scuzzball developer may be using your location data without consent and sending it to some random server. Purchase reputable apps to help reduce the chance of that happening to you. Lastly, so as to maybe offer you a bit of relief, the data at risk does not include types such as SMS, IMs, or passwords.
We're all still waiting for an official response from HTC on the matter.
[via androidcentral]
that’s very interesting I see that this site is very elegant in design
Whoops……..
Nice Job HTC….. way to protect your customers.
I understand that this is not a really big security threat, but they should have sandboxed the data anyways. There is no reason to leave it out in the open.