The guys over at Android Police have found a huge security vulnerability in HTC Andriod devices, and it does not make for pleasant reading!
A recent system update from HTC introduced a logging procedure to store data about your phone use. Not too worrying in itself however they appear to have omitted to locked it down, and as a result almost any application running on the HTC has access to these logs. So far they say that apps requesting the internet access permission can get to the log (which is probably most apps!)
Data being exposed includes the list of user accounts, including email addresses; last known network and GPS locations and a limited previous history of locations; phone numbers from the phone log; SMS data, including phone numbers and encoded text, plus at least another fourteen data items.
So far the following devices are confirmed as being affected, but the list is growing!
(Note: Only stock Sense firmware is affected – if you’re running an AOSP-based ROM like CyanogenMod, you are safe.)
- EVO 4G
- EVO 3D
- EVO Shift 4G
According to the full article, HTC have so far failed to respond.
Run for the hills!