The fine folks over at Android Police have discovered that many HTC devices have a huge security hole due to a recent Android update. The results are pretty shocking, and HTC has no one to blame but themselves. In a recent update, HTC included a set of logging tools that logs users email accounts, last known network and GPS connection, phone numbers that have been recently dialed, encoded SMS data (probably can be decoded), and system logs.
Okay so HTC logs all of this, what’s the big deal? The big deal is that any app that requests android.permission.INTERNET can get their hands on this information. Phones include the Thunderbolt, Evo 4G, Evo 3D, and more.
As of now, the only way to patch this hole is to root your device and remove /system/app/HtcLoggers.apk. If you’re not rooted, stay away from sketchy apps. As Android Police points out, even a high-quality app could still get their hands on this information. Android Police has all of the technical details.
expand full story