HTC reportedly has massive security hole in Android smartphones

If you use an Android smartphone from HTC, you need to be aware of a massive security flaw discovered recently. The big flaw is thanks to some sort of customization that HTC uses at the core of the Android OS on its smartphones. The flaw in the customization allows any app that asks for the right permission access to all sorts of private user data. The data isn't only open to nefarious users on HTC phones either.

The flaw on the HTC devices can be exploited by anyone because of an app that opens up a network port on any phone that is affected. The file at the core of the security flaw is called android.permission.INTERNET. The flaw can be exploited on both rooted and non-rooted HTC devices. Once the phone is accessed, the nefarious sort can get to the private data in any app on the phone including emails, GPS location, call logs, SMS logs, and information being gathered by apps that are running.

The flaw is so bad that apparently a user could duplicate the entire phone using information gleaned from the flaw. The flaw was discovered by Trevor Echart and was confirmed by Android Police. HTC has responded to the news of the flaw stating:

HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken.

[via Android Community]