Sprint’s high-speed-network smartphone, the HTC EVO, goes on sale today. But the phone, which runs Google’s Android operating system and connects to Sprint’s fourth-generation wireless network, has already had a few holes poked in it by security-obsessed hackers.

Blogger Matt Mastracci wrote on Thursday evening that he had obtained a phone after Google’s I/O developer conference last week. He and a few friends found that it’s possible for an EVO app to take control of the phone, with access to any and all data stored by the owner. Mastacci has able to gain “root” access to the phone’s operating system, meaning all security and privacy controls could be overridden:

“A few hours into the investigation and we had access to root … The Sprint customizations of Android are so bad that an Android application could get access to all of your data with very little work. It’s so bad that I would not recommend purchasing the Sprint EVO or Hero.”

Mastacci’s biggest complaint is that Sprint has “locked down” the phone, preventing other parties from distributing plugs for security holes.

Is this a bad thing in the end? No. If Sprint is willing to work with white-hat hackers like Mastracci to fix problems before malicious programmers can exploit them, it could be better than relying on the phone company to take care of everything.

This is one of Android’s key selling points: By distributing the operating system’s source code, something most phone makers don’t do, Google has made it possible for Sprint to create a much more robust, problem free phone in the end.