HTC phones: giant security hole discovered

htc sensation 4g hands on software video

HTC inadvertently opened a wide security hole in some of its most-recently released phones, like the EVO 3D and EVO 4G. The vulnerability, discovered by the crew at Android Police, potentially exposes a broad range of private user data, including email addresses, GPS locations and phone numbers.

The security hole appears to be a residual consequence of HTC’s latest update to the phones, which recently received a new logging tool and seems to be where the problem first showed up.

The problem exists in any app that connects to the Internet, specifically ones that send out the android.permission.INTERNET request, which, according to Android Police, “is normal for any app that connects to the web or shows ads.” Ordinarily, apps that send out this request can only find out whether you are connected to the Internet. With the security hole in place, all apps that send out such a request are found to have access to:

  • list of users accounts, email addresses and sync status for each address
  • last recorded network and GPS location, and a short list of previous such locations
  • phone numbers from the phone log
  • SMS data, including phone numbers and encoded texts
  • system logs (which may give access to additional personal data)

Amazingly, the list goes on and on. Android Police also found that notifications in the notification bar, IP addresses, CPU data, battery info, a list of installed apps and more are also exposed by the security hole. (For the detailed list, visit Android Police‘s post here.)

At present, the only way to patch the hole yourself, HTC user, is to root your phone and manually remove the “APK” file that logs all your actions. Unfortunately, rooting is a process that can be difficult for users who aren’t familiar with the process. But given the serious nature of the security hole, be assured that HTC will release an official patch of its own very soon. Until then, be careful what apps you download to avoid handing over your info to malicious entities.


Think iPhones can’t get viruses? Our expert explains why it could happen

If your iPhone has been acting strangely, then you may be concerned about the possibility it is infected with a virus or some malware. We take a look at just how likely that is and explain why iOS is considered relatively safe.

Rooting your Android device is risky. Do it right with our handy guide

Wondering whether to root your Android smartphone or stick with stock Android? Perhaps you’ve decided to do it and you just need to know how? Here, you'll find an explanation and a quick guide on how to root Android devices.

Sending SMS messages from your PC is easier than you might think

Texting is a fact of life, but what to do when you're in the middle of something on your laptop or just don't have your phone handy? Here's how to send a text message from a computer, whether you prefer to use an email client or Windows 10.

Free yourself! How to unlock a phone from the icy hands of your wireless carrier

Do you want to know how to unlock a phone through your carrier or a third-party service like DoctorSIM? Regardless of which way you want to go, we've compiled a list of requirements and methods for doing so.

These voice-changing apps will have you punking friends and family like a pro

Have you ever wanted to call your friends as Darth Vader or Alvin from the Chipmunks? If you want to play a prank on your friends, we have the best voice-changer apps for iOS and Android, whether you want to record audio or make a call.

The Black Shark 2’s Ludicrous Mode promises the smoothest mobile gaming

Xiaomi-backed Black Shark has a follow-up to last year's Black Shark gaming phone, complete with high specs and a low price. Here's everything we know about the Black Shark 2 gaming phone.

Google's midrange Pixels might be called the Pixel 3a and Pixel 3a XL

The Google Pixel 3 and Pixel 3 XL are considered to be two of the best Android smartphones, but it looks like Google could be prepping a midrange line. Say hello to the Pixel 3a and Pixel 3a XL.

Whether by the pool or the sea, make a splash with the best waterproof phones

Whether you're looking for a phone you can use in the bath, or you just want that extra peace of mind, waterproof phones are here and they're amazing. Check out our selection of the best ones you can buy.

Say goodbye to Uber for good: Here's how to cut ties with the ridesharing service

If you thought that deleting the Uber app would also delete your account, think again. You'll have to deactivate your account, then wait 30 days in order to do so. Here, we outlined how to delete your Uber account once and for all.

Does this video show off the Huawei P30 Pro's impressive camera suite?

The Huawei P30 Pro will be announced on March 26. It has already started to leak ahead of this date, and expectations are high that the company will improve even further on the P20 Pro's camera.

Google Fi: Phones, plans, pricing, perks, and more explained

Google's wireless service, formerly Project Fi, now goes by the name of Google Fi, and it's now compatible with a majority of Android phones, as well as iPhones. Here's everything you need to know about Google Fi.

Google hit with another fine by the EU, this time for $1.7 billion

Google has been fined for the third time by the EU, this time for breaching antitrust laws by requiring third-party websites using its search function to prioritize its ads over competitors.

You can now use the innovative Red Hydrogen One on Google Fi

The Red Hydrogen One was first announced in 2017 and has been delayed a few times since then. Now, the Red Hydrogen One is finally available, featuring a Qualcomm Snapdragon 835, 6GB of RAM, and 128GB of storage.

The best Apple AirPods alternatives for Android, Windows, and iOS devices

Apple AirPods might be new and improved, but they aren't the only game in town. Other makers are offering their own truly wireless earbuds, with attractive features. These are the best AirPod alternatives on the market today.