Skip to main content
  1. Home
  2. Mobile

HTC phones: giant security hole discovered

By
Image used with permission by copyright holder

HTC inadvertently opened a wide security hole in some of its most-recently released phones, like the EVO 3D and EVO 4G. The vulnerability, discovered by the crew at Android Police, potentially exposes a broad range of private user data, including email addresses, GPS locations and phone numbers.

The security hole appears to be a residual consequence of HTC’s latest update to the phones, which recently received a new logging tool and seems to be where the problem first showed up.

Recommended Videos

The problem exists in any app that connects to the Internet, specifically ones that send out the android.permission.INTERNET request, which, according to Android Police, “is normal for any app that connects to the web or shows ads.” Ordinarily, apps that send out this request can only find out whether you are connected to the Internet. With the security hole in place, all apps that send out such a request are found to have access to:

  • list of users accounts, email addresses and sync status for each address
  • last recorded network and GPS location, and a short list of previous such locations
  • phone numbers from the phone log
  • SMS data, including phone numbers and encoded texts
  • system logs (which may give access to additional personal data)

Amazingly, the list goes on and on. Android Police also found that notifications in the notification bar, IP addresses, CPU data, battery info, a list of installed apps and more are also exposed by the security hole. (For the detailed list, visit Android Police‘s post here.)

Related

At present, the only way to patch the hole yourself, HTC user, is to root your phone and manually remove the “APK” file that logs all your actions. Unfortunately, rooting is a process that can be difficult for users who aren’t familiar with the process. But given the serious nature of the security hole, be assured that HTC will release an official patch of its own very soon. Until then, be careful what apps you download to avoid handing over your info to malicious entities.

Editors' Recommendations

Topics
Andrew Couts
Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
The best Google Pixel 8a screen protectors in 2024
A photo of someone holding the Google Pixel 8a.

The Google Pixel 8a is Google's latest smartphone, and while it's not a match for Google's flagship phones, the Pixel 8 and 8 Pro, it's not meant to be. The Pixel 8a is a midrange powerhouse, with the Tensor G3 processor, a showstopping camera, and the advanced smarts of Google's Gemini Nano AI model.

But none of that is worth squat if you can't see it. The display is a vital part of any smartphone, and the Pixel 8a's 6.1-inch OLED panel is a beauty. It has a 120Hz refresh rate, and a much higher brightness to boot, making it the equal of some of the best phones you can grab in the midrange market. But all that tech should be protected. Here are the best Google Pixel 8a screen protectors to keep your phone's screen safe from scratches, dirt, and smears.

Read more
Apple made an outrageous change to its new iPads
An official photo of the 2024 iPad Air.

After a year-long drought of iPads, Apple finally revealed the new iPad Air and iPad Pro models during its Let Loose event on May 7. This was a unique announcement because it broke some old traditions; the iPad Air now comes in two sizes: an 11-inch and 13-inch, just like the iPad Pro. But these new iPads are also breaking another longtime tradition: They won’t come with iconic Apple stickers. Gasp.

According to 9to5Mac, Apple Store teams received a memo where Apple explained that the iconic Apple stickers won’t be included inside the boxes of the new iPad Air and iPad Pro. The reasoning? As part of Apple’s environmental goals, it is trying to ensure that its packaging is completely free of plastic.

Read more
The 5 best AirTag alternatives for 2024
Chipolo ONE 2020 attached to keys in hand.

Losing material goods is an inevitable part of life, but that doesn’t mean we should just lay down and wait for an item to disappear. Instead, we should spend our time investing in handy tracking devices. Apple’s AirTag lineup is one of the best-known options, but there are plenty of other brands to choose from, too. Whether you need to keep tabs on wallets, car keys, or other important possessions, these five AirTag alternatives are easy to set up, simple to use, and above all, reliable.

Read more