Security Flaw in HTC Smartphones Leaks Your Personal Data to Certain Android Apps
Have an HTC smartphone? Chances are that some of your stored personal data has been hijacked by malicious apps on your device. Android apps that have permission to access the Internet, which is pretty much every ad-supported app out there, can snag valuable information such as email addresses, location history, phone logs, text messages, and more.
The problem child is a hidden app called HtcLoggers.apk, which can be found on the EVO 3D, EVO 4G, Thunderbolt, and other HTC devices. It was possibly designed to be a troubleshooting aid for HTC, but that's not certain. What is certain is that it's capable of collecting all sorts of data from your device, and any app that has access to the web using android.permission.INTERNET can view it, as well as send the data off to a remote server for safekeeping. The kicker: passwords and logins are not needed.
Artem Russakovskii, one of the researchers who uncovered this flaw, said, "It's like leaving your keys under the mat and expecting nobody who finds them to unlock the door."
Unfortunately, you can't do anything about the security flaw except wait for HTC, but they claim to be working on the issue: "HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken."
But… if you have a rooted device, or don't mind rooting your device, you can simply remove the problematic HtcLoggers (you can find the file at /system/app/HtcLoggers.apk) and all will be good. If you'd prefer to stay un-rooted, then just beware of installing malicious apps until HTC issues some kind of fix.