Anyone with an HTC smartphone should be aware that their private data may not be safe, due to a massive security flaw. The security flaw was discovered by a security researcher, Trevor Eckhart, and revealed in a report from Android Police, a blog that has exposed security problems with Android-based smartphones in the past. The report shows that several HTC (TWD: HTC) smartphones can expose sensitive user data – including email addresses, recent GPS locations, phone numbers taken from recent call logs, SMS data, including recent numbers and text messages.
“It’s like leaving your keys under the mat and expecting nobody who finds them to unlock the door,” Artem Russakovskii wrote on the Android Police blog.
Mr. Eckhart found that a new software update issued by HTC installs an application that collects user data and shares that data with other Android applications on the phone with Internet access. The security flaw affects users of the HTC Thunderbolt and the HTC EVO 3D and 4G, among others, which run on the Android operating system.
According to the report, HTC’s customization of the Android system has made it fairly easy for outside users to access personal information such as phone numbers, user accounts, e-mail addresses and location data. Any app that requests a common permission from the device can access the information.
HTC released a statement to the public, saying “HTC takes our customers’ security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we’re able to determine the accuracy of the claim and what steps, if any, need to be taken.”
This isn’t the first time this type of mobile device security flaw has been discovered and revealed on a blog. Just last week, the tech blog BGR.com revealed a security flaw that allows users to bypass the password that locks AT&T’s Samsung Galaxy SII smartphone.
In the past few months, security experts have expressed particular concern with Google’s Android operation system. Last month, the security firm McAfee reported that the Google (NASDAQ: GOOG) Android operating system was the most popular target for mobile malware developers during the second quarter of this year. Meanwhile, the security firm Symantec released a white paper in June that noted that Google’s model for vetting apps on Android devices was “less rigorous and consequently, less secure” than Apple’s iOS platform.
In May, researchers in Germany found that users running Android versions 2.3.3 or lower could be vulnerable to hackers who access unencrypted Wi-Fi networks to view their calendars, photos and contacts.