Phone manufacturer HTC’s Android phones contain a major security flaw, the company has confirmed. It says it is working on a patch to fix the issue.
HTC says no customers have been affected by the issue, which affects its Sense software on Android phones. Sense contains a logging application that collects data about your phone but mistakenly leaves it open to third-party apps.
“In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers’ data, there is a vulnerability that could potentially be exploited by a malicious third-party application,” the company said in a statement today. “A third-party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws.”
The flaw was first reported by AndroidPolice.com, who discovered that the Sense software opened up access to information about your phone to any Android app that gets access to the Internet. The vulnerable data includes the phone’s IP address, CPU information, and running processes.
Such a security snafu not only makes HTC look bad, it reflects negatively on all Android devices. The fact that phone manufacturers can dramatically customize Android has been contentious among consumers, since these customizations tend to slow down phones and hog memory. Yet phone makers, for some reason, seem to love putting their own stamp on the platform. If custom Android interfaces can so easily create security problems, users will rightfully begin to mistrust them.
HTC says it’s working “very diligently” on an update that will fix the issue, which will first be tested with its carrier partners before its released over-the-air. For now, the company says users should be extra cautious about obtaining apps from untrusted sources.