Slashdot Mirror


Security Vulnerabilities On HTC Android Devices

revjtanton writes "In recent updates to some of its devices, HTC introduced a suite of logging tools that collected information. Lots of information. LOTS. Whatever the reason was, whether for better understanding problems on users' devices, easier remote analysis, or corporate evilness — it doesn't matter." That's because "any app on affected devices that requests a single android.permission.INTERNET (which is normal for any app that connects to the web or shows ads)" on one of these phones can now grab all sorts of interesting bits from the logged data.

4 of 97 comments

  1. Fix by Adam+Zweimiller · · Score: 4, Interesting

    If you are rooted, you can use Titanium Backup to uninstall HTC Loggers or you can manually delete HTCLoggers.apk from /system/app/.

    --
    mmm...muffins
    1. Re:Fix by fuzzyfuzzyfungus · · Score: 3, Interesting

      Arguably there is a problem with "the permissions"; but not in a narrowly technical sense (well, strictly speaking, it might be nice if Android broke network permissions down a little further, so that you could allow an application to access internet resources; but forbid it from connecting to anything on localhost, or allow something to connect to one or more ports on localhost; but not the outside...)

      A major vendor is shipping a 'diagnostic' application so fucked that it might as well be a rootkit on a large-but-not-precisely-known number of devices expected to be connected to the internet and in possession of relatively juicy information for most of their operational lives, and nobody in the chain decided that this was maybe a bad idea until 3rd parties discovered it and wrote it up...

      This suggests that HTC's "Sense" team might not have any.

  2. Cyanogen Mod by Anonymous Coward · · Score: 4, Interesting

    Even more reason to root and flash with CyanogenMod or other custom firmware of your choice.

    1. Re:Cyanogen Mod by izomiac · · Score: 4, Interesting

      Amusingly enough, the core CyanogenMod developers have made it abundantly clear that they vastly prioritize the ability of vendors to spy on users over the user's right to control who has access to personally identifiable data.

      (Sorry for using biased language, but I think that denying a user control over hardware they own, especially by an open source project, is just asinine.)