I posted an article this morning regarding some models of HTC phones having a security flaw that could potentially allow access to personal data on phones through unencrypted data stored by a HTC logging file. Engadget has just reported that HTC have advised that they are investigating and will be testing a patch,then after testing with carriers they`ll be releasing the patch as an Over-The-Air update to affected handsets. I haven`t been able to track down a comprehensive list of exactly which handsets are affected yet, however if I get further information i`ll post it here.
Now the only question remains is this going to affect the public perception of HTC? After the locking/un-locking bootloader story from earlier this year it remains to be seen what HTC do from here. I personally still like HTC I just think they`ve made some silly decisions so far this year and I would like to see them return to the form that saw this company produce some beautiful hardware like the Nexus One/Desire. My biggest problem which now remains is explaining to my Mother-In-Law what an OTA update is and why she needs to install it on her phone!
HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers’ data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.
HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly. During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.
just root it and remove htclogger.apk
Very very bad HTC. Terrible mistake on their behalf- it still relies on the user installing a dodgy malicious app but still, android is sandboxed deliberately…