With new software, there’s always a chance that new flaws or problems arise. On some newer HTC Sense-equipped devices, it seems that HTC’s software was logging key information on people’s handsets. This service on the device, known as HTCLoggers, was built to store GPS information, call logs, and email addresses to be sent back to HTC. Although the option to turn this uploading service off is part of the set-up process of the device, even if you turn it off the service is still running and collecting information.
With this known, it would be possible for a malicious person out there to gain all of that information, thanks to the HTCLoggers service doing all the work of collecting the information. This was seen as a pretty big security flaw, so HTC has responded after looking into the situation, and have come up with an official response. Basically, while HTC says that it’s not their own software that’s causing any problems, but that they are currently hard at work on creating a patch. As any update must be vetted by the carriers connected to each device, there’s no telling how long before the update lands on phones, but at least it should be reassuring to know the patch is incoming.
You can check out HTC’s public statement below.
HTC’s public statement
HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers’ data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.
HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly. During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.