Skip to main content

HTC phones: giant security hole discovered

Image used with permission by copyright holder

HTC inadvertently opened a wide security hole in some of its most-recently released phones, like the EVO 3D and EVO 4G. The vulnerability, discovered by the crew at Android Police, potentially exposes a broad range of private user data, including email addresses, GPS locations and phone numbers.

The security hole appears to be a residual consequence of HTC’s latest update to the phones, which recently received a new logging tool and seems to be where the problem first showed up.

The problem exists in any app that connects to the Internet, specifically ones that send out the android.permission.INTERNET request, which, according to Android Police, “is normal for any app that connects to the web or shows ads.” Ordinarily, apps that send out this request can only find out whether you are connected to the Internet. With the security hole in place, all apps that send out such a request are found to have access to:

  • list of users accounts, email addresses and sync status for each address
  • last recorded network and GPS location, and a short list of previous such locations
  • phone numbers from the phone log
  • SMS data, including phone numbers and encoded texts
  • system logs (which may give access to additional personal data)

Amazingly, the list goes on and on. Android Police also found that notifications in the notification bar, IP addresses, CPU data, battery info, a list of installed apps and more are also exposed by the security hole. (For the detailed list, visit Android Police‘s post here.)

At present, the only way to patch the hole yourself, HTC user, is to root your phone and manually remove the “APK” file that logs all your actions. Unfortunately, rooting is a process that can be difficult for users who aren’t familiar with the process. But given the serious nature of the security hole, be assured that HTC will release an official patch of its own very soon. Until then, be careful what apps you download to avoid handing over your info to malicious entities.

Editors' Recommendations

Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
The 6 best tablets for business in 2024
The App Library on the iPad Pro (2022).

Buying the best tablet for business isn’t quite as simple as just buying something from our look at the best tablets. Business users have specific needs which mean they don’t have to worry so much high-end gaming performance or a particularly sharp and speedy display. Instead, it’s mostly about strong number crunching ability, plenty of storage, good cameras for calls, and those kind of responsible considerations.

That’s why we’ve specifically picked out the best tablets for business below. Further down, we’ve also gone into greater depth about how we came to our decisions but rest assured, we’re experts in the field and know exactly what a business user needs from a great tablet. For some of you that may mean one of the best iPads but for others, it means an Android device or even a hybrid laptop/tablet setup.

Read more
8 features I want on the Fitbit Sense 3 (if there is one)
The Fitbit Sense 2 lying sideways in moss.

The Fitbit Sense 2 is Fitbit's most advanced and expensive smartwatch. Its features include an electrocardiogram (ECG) app, sleep monitoring, GPS, and heart rate monitoring. Additionally, it has exercise tracking, stress management tools, and a skin temperature sensor. The watch also features Google Maps and Google Wallet, among other things.

Google launched the Fitbit Sense 2 in September 2022, two years after the first model. This suggests that we may see the release of a Fitbit Sense 3 before the year ends. The features and design of the new Fitbit smartwatch are still unknown, but we have some suggestions. Interestingly, many of the items on our wish list are features that were present in the first Fitbit Sense, but removed from the second version.
Wear OS (and the Google Play Store)

Read more
How to cancel Spotify Premium on any device
Event listing for Chappel Roan on Spotify, seen on an iPhone.

Your Spotify Premium account has served you well for many years, but you’ve recently gotten the bug for hi-res listening, so it’s off to Tidal for all things tunes! Or maybe you’re just trying to lighten the load when it comes time to pay for your monthly streaming subscriptions. Whatever the case may be, canceling Spotify Premium isn’t too difficult, and we’ve put together this step-by-step guide to get you pressing that red goodbye button on your PC, smartphone, or tablet.

Read more