[Helloneumann]

This sucks. Not happy right now.


http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt-others-exposes-phone-numbers-gps-sms-emails-addresses-much-more/

[Helloneumann]

Massive Security Vulnerability In HTC Android Devices (EVO 3D, 4G, Thunderbolt, Others) Exposes Phone Numbers, GPS, SMS, Emails Addresses, Much More


Fixed link, sorry.

[PapaSmurf6768]

Just another reason to root

Sent via Tapatalk on my TBolt

[Jdm4292]

This is terrible... Any other manufacturers involved in this scheme?

Sent from my ADR6400L using Tapatalk

[cordoni]

Can it log passwords from the bank of America apparently and web browsers?
Seriously considering root now.

Sent from my Xoom using Tapatalk

[Helloneumann]

Don't know anymore than this. It was posted on G+ and I put it here so everyone gets a heads up. I've never been comfortable with rooting, but I may be doing a lot of studying about it.

[recDNA]

Glad I don't bank by phone. I use prepaid cc for google payment so they can't steal much from me.

[ggrr8t]

when they presented the problem 2 h t c they seem to be very slow to respond. what an arrogant . .company. thank you very much o p .

[jd07bos]

UGH why did I spend so much on this POS????

[yodatom10]

Just root it and run a asop rom. And u will be fine.

[cordoni]

What is the real security risk to users? Anyone know?

[NotJustAPhone]

Just root it and run a asop rom. And u will be fine.

According to the article, you can also fix by rooting and deleting the HTC software.

Sent using Tapatalk

[cordoni]

If you are rooted, the app shows in Titanium backup as "freezable". I simply froze the app so I can get updates going forward, vs just deleting.

Any thoughts on this method anyone?

[NotJustAPhone]

If you are rooted, the app shows in Titanium backup as "freezable". I simply froze the app so I can get updates going forward, vs just deleting.

Any thoughts on this method anyone?

Since freezing in TiB prevents the app from running, it should fine to do that rather than deleting.


Sent using Tapatalk

[Phil Nickinson]

We just posted Jerry's explanation of what's going on. It's something that needs to be fixed, but we're not going to be sitting up nights worrying about this.

And note that the HTC logger thing isn't in the RUU that Android Police leaked. I haven't gotten a chance to roll back to the official track yet.

http://www.androidcentral.com/htc-co...y-way-security

[Helloneumann]

We just posted Jerry's explanation of what's going on. It's something that needs to be fixed, but we're not going to be sitting up nights worrying about this.

And note that the HTC logger thing isn't in the RUU that Android Police leaked. I haven't gotten a chance to roll back to the official track yet.

http://www.androidcentral.com/htc-co...y-way-security

Thanks for the info. Let's hope HTC fixes it soon.

[ksheth2130]

I have a rooted HTC phone running the BAMF Forever 1.0.7 ROM and was wondering if we would still be affected by the security flaw since it's still running Sense, or not?

[Bodar]

Glad I don't bank by phone. I use prepaid cc for google payment so they can't steal much from me.

It's not collecting passwords anyway. While it's definitely something to be concerned about, let's not overreact. Personally, I've been wanting to root and flash a custom ROM anyway, so now I have an excuse.

"What it is collecting is data that is unique to your phone (IMEI and device ID), your account names, geo-location, and phone numbers from your call logs."

HTC collecting data in U.S. phones with HTC Sense, storing it in a very sloppy way | Android Central

[sURFNmADNESS]

Does not appear on the rooted last update of DINC. Incredible owners can relax if you went this path. Not sure if last OTA update without root did not update sense to include the bad file in question though.

[nate44]

That nasty loggers apk didn't have a chance Thanks for the heads up

[whiteshadow001]

It's definitely something to watch out for but I'm not too worried. I might switch to a Samsung phone of they don't fix it

Sent from my Thunderbolt using tapatalk

[defcon999]

UGH why did I spend so much on this POS????

Just root your phone. I did....took about 5 mins. to root using "REVOLUTIONARY" (Revolutionary). I then loaded das BAMF Forever custom ROM.....totally cool UI.

[l0wr1d3r]

!!!

Wi-Fi: OFF
Mobile Network: OFF
Fetal position: ON

[funguy123us]

The reason why I will NOT buy another HTC Phone!

I am going Moto next time.

[anon(394005)]

The threat seems a bit over-stated here, me thinks to drum up page views (looking at you Android Police). First, these logging tools are not collecting your passwords, texts, or e-mails. Nor are they logging everything you do on the phone. What data they are collecting is stored insecurely allowing the “possibility” of a rogue app being able to read that data and transfer it off the phone. It also seems rather silly to recommend rooting your phone in order to delete these logging utilities as that in and of itself exposes your entire phone to a rogue app which can then do anything it wants to your phone, not just read data off of it. In either case, the key is to be very careful what apps you install to begin with. Lastly, Android Police’s claim of responsible disclosure rings hollow despite referencing some crappy RFPolicy. They attempt to notify HTC on the weekend (according to them Sept. 24) and then one week later (Oct. 1), unload the info to the public? Responsible disclosure my you know what! They were more interested in page hits. :::shaking head::::::