Android Police: HTC Android phones have a “massive security vulnerability”

The Android Police claims that owners of HTC’s EVO 3D, EVO 4G, Thunderbolt, etc. running the latest version of HTC software should be concerned of a security vulnerability that grants any application with Internet access entry to users’ valuable private information.

The threat was found by Justin Case, Trevor Eckhart and artem Russakovskii of the Android Police. They claim that a set of logging tools included by HTC collects info from users phones, but also opens a a backdoor for hackers, thereby allowing them to access data such as email addresses, user accounts, GPS location, text message data and phone numbers.

Additionally, the trio also discovered a “suspicious” app named androidserver.apk, which they say essentially allows third parties remote access to the phone. While they cannot confirm its real significance, the app’s mysterious nature is still on their watchlist.

After discovering this vulnerability, the Android Police contacted HTC on September 24, and after five business days of no reply, they promptly decided to publicly release their findings, as per the RFPolicy. Since this potential vulnerability has reached the public sphere, HTC has yet to release an official statement or promptly address the issue with a critical update.

According to the Android Police, the list of compromised data includes but is not limited to:

  • List of user accounts, including email addresses
  • Last known GPS location and history of previous locations
  • Phone numbers from the phone log
  • SMS data, including phone numbers and encoded text
  • System logs, which track everything your running apps do
  • System information, including build number, bootloader version, CPU info, running processes, list of installed apps, battery info and status, and network info, including IP addresses.

To view the complete findings, go HERE

(Update: HTC has released a statement saying: “HTC takes our customers’ security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we’re able to determine the accuracy of the claim and what steps, if any, need to be taken.”)