Slashdot Mirror


FTC to HTC: Patch Vulnerabilities On Smartphones and Tablets

New submitter haberb writes "I always thought my HTC phones were of average or above average quality, and certainly no less secure than a vanilla Android install, but it turns out someone was still not impressed. 'Mobile device manufacturer HTC America has agreed to settle Federal Trade Commission charges that the company failed to take reasonable steps to secure the software it developed for its smartphones and tablet computers, introducing security flaws that placed sensitive information about millions of consumers at risk.' Perhaps this will push HTC to release some of the ICS upgrades they promised a few months ago but never delivered, or perhaps the reason they fell through in the first place?"

8 of 111 comments

  1. Cyanogen Mod. by pecosdave · · Score: 5, Interesting

    The best software patch I've found for HTC products, though I have tried others.

    --
    The preceding post was not a Slashvertisement.
    1. Re:Cyanogen Mod. by puto · · Score: 4, Interesting

      I am a tech support manager at one of the largest cell carriers in the US, and while HTC might have nice hardware, they are very shoddily made and usually about 3 months into it 40-60% of the phones crap out multiple times and we have to end up giving out Samsung as replacements. Which is why you see the HTC 1X selling new for 99 cents, because it is a horrible piece of crap.

      --
      The Revolution Will Not Be Televised
  2. Perhaps... by Mitreya · · Score: 4, Insightful

    company failed to take reasonable steps to secure the software it developed for its smartphones and tablet computers, introducing security flaws that placed sensitive information about millions of consumers at risk

    It should also be illegal to install bloatware that is embedded to the point of not being removable (without at least rooting the device and perhaps voiding warranty). Nothing makes the phone more secure than Facebook processes -- there are several, and a dozen other built-in crapware clients (peddling games, services, etc).

    And I don't think that buying a full-priced phone changes anything, either.

    1. Re:Perhaps... by anagama · · Score: 4, Interesting

      Yeah -- but there are others you can't do anything about. Dropbox or Google+ for example: only options are "force stop" and "uninstall updates". How about a flat out "uninstall"?

      --
      What changed under Obama? Nothing Good
  3. Bad summary. by msauve · · Score: 3, Informative

    Granted, HTC was late in delivering ICS to the Thunderbolt. But, contrary to the summary's claim and link ("upgrades they promised a few months ago but never delivered"), it was in fact delivered - a few weeks ago.

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
    1. Re:Bad summary. by icebike · · Score: 4, Informative

      Right. Why do summary writers always try to force the story toward their pet peeve?

      Further, this FTC settlement had NOTHING to do with what version of Android was installed, but rather the diagnostics and monitoring applications they had installed, mostly at the carriers' request.

      Both "Carrier IQ", something demanded by carriers, till they got caught, and "Tell HTC", a bug reporting software, ended up leaving logs on the phone that contained private data in clear-text, and transmitted that data to the carriers or to HTC in un-encrypted format. It also had to do with the handling of that data once it was delivered to the carriers and more specifically to HTC.

      Why the summary writer had to make it about something else is beyond me.

      --
      Sig Battery depleted. Reverting to safe mode.
    2. Re:Bad summary. by anagama · · Score: 3, Informative

      To be clear, this is what the vulnerability did:

      Let me put it another way. By using only the INTERNET permission, any app can also gain at least the following:

              ACCESS_COARSE_LOCATION Allows an application to access coarse (e.g., Cell-ID, WiFi) location
              ACCESS_FINE_LOCATION Allows an application to access fine (e.g., GPS) location
              ACCESS_LOCATION_EXTRA_COMMANDS Allows an application to access extra location provider commands
              ACCESS_WIFI_STATE Allows applications to access information about Wi-Fi networks
              BATTERY_STATS Allows an application to collect battery statistics
              DUMP Allows an application to retrieve state dump information from system services.
              GET_ACCOUNTS Allows access to the list of accounts in the Accounts Service
              GET_PACKAGE_SIZE Allows an application to find out the space used by any package.
              GET_TASKS Allows an application to get information about the currently or recently running tasks: a thumbnail representation of the tasks, what activities are running in it, etc.
              READ_LOGS Allows an application to read the low-level system log files.
              READ_SYNC_SETTINGS Allows applications to read the sync settings
              READ_SYNC_STATS Allows applications to read the sync stats

      http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt-others-exposes-phone-numbers-gps-sms-emails-addresses-much-more/

      Note the date of that article. (!)

      --
      What changed under Obama? Nothing Good
  4. Apple Phones have too many problems by tuppe666 · · Score: 4, Informative

    HTC is the only company who sells Android phones that I'd consider buying. Too bad Android apparently has issues with security updates / etc. Sure, blame the vendor... But this seems to be a prevalent problem with Android based phones.

    Let's have a little look at security on the iPhone...hmmm you can just fiddle with the power button and making an emergency call then immediately hang up, and it bypasses the passcode.

    Perhaps you would have been better with a HTC phone after all ;)