10-05-2011 09:40 AM
28 12
tools
  1. Helloneumann's Avatar
    This sucks. Not happy right now.


    http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt-others-exposes-phone-numbers-gps-sms-emails-addresses-much-more/
    nate44 and Puzzlegal like this.
    10-02-2011 09:14 AM
  2. Helloneumann's Avatar
    10-02-2011 09:21 AM
  3. PapaSmurf6768's Avatar
    Just another reason to root

    Sent via Tapatalk on my TBolt
    10-02-2011 09:23 AM
  4. Jdm4292's Avatar
    This is terrible... Any other manufacturers involved in this scheme?

    Sent from my ADR6400L using Tapatalk
    10-02-2011 09:32 AM
  5. cordoni's Avatar
    Can it log passwords from the bank of America apparently and web browsers?
    Seriously considering root now.

    Sent from my Xoom using Tapatalk
    10-02-2011 09:37 AM
  6. Helloneumann's Avatar
    Don't know anymore than this. It was posted on G+ and I put it here so everyone gets a heads up. I've never been comfortable with rooting, but I may be doing a lot of studying about it.
    10-02-2011 09:41 AM
  7. recDNA's Avatar
    Glad I don't bank by phone. I use prepaid cc for google payment so they can't steal much from me.
    10-02-2011 09:47 AM
  8. ggrr8t's Avatar
    when they presented the problem 2 h t c they seem to be very slow to respond. what an arrogant . .company. thank you very much o p .
    10-02-2011 09:54 AM
  9. jd07bos's Avatar
    UGH why did I spend so much on this POS????
    10-02-2011 10:01 AM
  10. yodatom10's Avatar
    Just root it and run a asop rom. And u will be fine.
    10-02-2011 10:58 AM
  11. cordoni's Avatar
    What is the real security risk to users? Anyone know?
    10-02-2011 11:06 AM
  12. NotJustAPhone's Avatar
    Just root it and run a asop rom. And u will be fine.
    According to the article, you can also fix by rooting and deleting the HTC software.

    Sent using Tapatalk
    10-02-2011 11:50 AM
  13. cordoni's Avatar
    If you are rooted, the app shows in Titanium backup as "freezable". I simply froze the app so I can get updates going forward, vs just deleting.

    Any thoughts on this method anyone?
    10-02-2011 12:04 PM
  14. NotJustAPhone's Avatar
    If you are rooted, the app shows in Titanium backup as "freezable". I simply froze the app so I can get updates going forward, vs just deleting.

    Any thoughts on this method anyone?
    Since freezing in TiB prevents the app from running, it should fine to do that rather than deleting.


    Sent using Tapatalk
    10-02-2011 12:16 PM
  15. Phil Nickinson's Avatar
    We just posted Jerry's explanation of what's going on. It's something that needs to be fixed, but we're not going to be sitting up nights worrying about this.

    And note that the HTC logger thing isn't in the RUU that Android Police leaked. I haven't gotten a chance to roll back to the official track yet.

    http://www.androidcentral.com/htc-co...y-way-security
    Helloneumann likes this.
    10-02-2011 04:40 PM
  16. Helloneumann's Avatar
    We just posted Jerry's explanation of what's going on. It's something that needs to be fixed, but we're not going to be sitting up nights worrying about this.

    And note that the HTC logger thing isn't in the RUU that Android Police leaked. I haven't gotten a chance to roll back to the official track yet.

    http://www.androidcentral.com/htc-co...y-way-security

    Thanks for the info. Let's hope HTC fixes it soon.
    10-02-2011 05:12 PM
  17. ksheth2130's Avatar
    I have a rooted HTC phone running the BAMF Forever 1.0.7 ROM and was wondering if we would still be affected by the security flaw since it's still running Sense, or not?
    10-02-2011 05:37 PM
  18. Bodar's Avatar
    Glad I don't bank by phone. I use prepaid cc for google payment so they can't steal much from me.
    It's not collecting passwords anyway. While it's definitely something to be concerned about, let's not overreact. Personally, I've been wanting to root and flash a custom ROM anyway, so now I have an excuse.

    "What it is collecting is data that is unique to your phone (IMEI and device ID), your account names, geo-location, and phone numbers from your call logs."

    HTC collecting data in U.S. phones with HTC Sense, storing it in a very sloppy way | Android Central
    10-02-2011 07:16 PM
  19. sURFNmADNESS's Avatar
    Does not appear on the rooted last update of DINC. Incredible owners can relax if you went this path. Not sure if last OTA update without root did not update sense to include the bad file in question though.
    10-02-2011 10:38 PM
  20. nate44's Avatar
    That nasty loggers apk didn't have a chance Thanks for the heads up
    10-03-2011 01:55 AM
  21. whiteshadow001's Avatar
    It's definitely something to watch out for but I'm not too worried. I might switch to a Samsung phone of they don't fix it

    Sent from my Thunderbolt using tapatalk
    10-03-2011 11:29 AM
  22. defcon999's Avatar
    UGH why did I spend so much on this POS????
    Just root your phone. I did....took about 5 mins. to root using "REVOLUTIONARY" (Revolutionary). I then loaded das BAMF Forever custom ROM.....totally cool UI.
    10-03-2011 11:45 AM
  23. l0wr1d3r's Avatar
    !!!

    Wi-Fi: OFF
    Mobile Network: OFF
    Fetal position: ON
    10-03-2011 11:53 AM
  24. funguy123us's Avatar
    The reason why I will NOT buy another HTC Phone!

    I am going Moto next time.
    10-03-2011 12:30 PM
  25. anon(394005)'s Avatar
    The threat seems a bit over-stated here, me thinks to drum up page views (looking at you Android Police). First, these logging tools are not collecting your passwords, texts, or e-mails. Nor are they logging everything you do on the phone. What data they are collecting is stored insecurely allowing the “possibility” of a rogue app being able to read that data and transfer it off the phone. It also seems rather silly to recommend rooting your phone in order to delete these logging utilities as that in and of itself exposes your entire phone to a rogue app which can then do anything it wants to your phone, not just read data off of it. In either case, the key is to be very careful what apps you install to begin with. Lastly, Android Police’s claim of responsible disclosure rings hollow despite referencing some crappy RFPolicy. They attempt to notify HTC on the weekend (according to them Sept. 24) and then one week later (Oct. 1), unload the info to the public? Responsible disclosure my you know what! They were more interested in page hits. :::shaking head::::::
    stoldmymojo likes this.
    10-03-2011 04:40 PM
28 12
LINK TO POST COPIED TO CLIPBOARD