Join GamesBeat Summit 2021 this April 28-29. Register for a free or VIP pass today.


htc-one-2

The FTC has just settled with smartphone and tablet maker HTC over millions of devices that had been insecurely logging customer data, opening up consumers to all kinds of malware and privacy breaches.

With this settlement, HTC must immediately stop making false promises about how it respects its customers’ privacy. It must also fire up new security measures.

The logging software involved is Carrier IQ and HTC Loggers. Carrier IQ, as you may recall, was embroiled in a public relations/privacy debacle last year over how it logs smartphone user data. However, the FTC wasn’t upset over the software itself; rather, HTC’s lousy implementation was what started the complaint and eventually led to the settlement.

“The FTC’s complaint details several vulnerabilities found on HTC’s devices … as well as programming flaws that would allow third-party applications to bypass Android’s permission-based security model,” reads the FTC’s official statement on the news.

“Due to these vulnerabilities, the FTC charged, millions of HTC devices compromised sensitive device functionality, potentially permitting malicious applications to send text messages, record audio, and even install additional malware onto a consumer’s device, all without the user’s knowledge or consent.”

Carrier IQ’s software monitors how hundreds of millions of consumers use their mobile devices via shortcodes. The software then sends reports related to app performance, signal strength, and battery life back to carriers and manufacturers. As a Carrier IQ rep confirmed to VentureBeat in a previous interview, “The diagnostic data that we capture is mostly historical and won’t reveal where somebody is and what they are doing on a real-time basis.” Presumably, HTC Loggers does approximately the same.

However, HTC’s vulnerabilities in its implementations of these tools was the main cause for concern. Security patches are being rolled out to affected consumers now, the FTC said. FTC employees answered questions about the issues at hand via Twitter today from noon until 1 p.m. Eastern Time; interested parties can follow the hashtag #FTCpriv.

VentureBeat

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more
Become a member