HTC Android Phones May Have “Massive Security Vulnerability”

CommanderFrank

CommanderFrank

Cat Can't Scratch It
Joined
May 9, 2000
Messages
75,399
If you are the owner of an HTC 3G/4G smartphone, there is a good chance you may be vulnerable to your downloaded apps taking permissions with your phone without your authorization. Your personal data could be at risk.

Apparently, HTC installed a suite of logging tools — for a purpose that’s still unclear — but neglected to secure the data that was being logged. “It’s like leaving your keys under the mat and expecting nobody who finds them to unlock the door,” Russakovskii writes.
Click to expand...
 
Great, just great. I've got an Evo that I use for both personal and business uses. This better get fixed, and fast.
 
easy fix just root, use cm7 or delete the apk and the log files if your on GB sense.... DONE
 
Another reason why I will only buy Nexus phones. Plain Vanilla Android is fine for me. Updates come quick, and don't have to deal with issues like this.
 
True, and CM7 rocks.

I really want to but mine's still under the 1yr warranty and I'm not going through all of that until it's up in Nov. In fact, Sprint has a replacement coming for mine tomorrow since it's exhibiting crashes and random reboots. If it keeps acting up, I'm going to tell them to give me a different phone since mine is also for business critical use.
 
Gonna be blunt..if you are running an unrooted, unmodded HTC phone then I have little sympathy. Love my Incredible, but that thing ran like complete crap and ate its battery like nobody's business stock. Same seems to apply to most HTC Phones.
 
DejaWiz said:
Great, just great. I've got an Evo that I use for both personal and business uses. This better get fixed, and fast.
Click to expand...

anyone running an Android phone with stock firmware/software is under-utilizing their hardware to begin with, and should buy an iPhone

i repeat, you want an out of the box solution, go apple.....the rest of us will happily go android
 
nobody_here said:
anyone running an Android phone with stock firmware/software is under-utilizing their hardware to begin with, and should buy an iPhone

i repeat, you want an out of the box solution, go apple.....the rest of us will happily go android
Click to expand...

The small screen on the iPhone is just one of many reasons why I steered clear of it. Oh, that and its an Apple product and, like Sony, I vowed never to support in any way, shape, or form.

My phone gets used daily for things like navigation when I have to go to different client sites, so the larger the screen, the better for me.
 
Oh, and did you read the part where I stated I want to root with CM7, but can't risk it right now since my phone is still under warranty and is for business use?
 
DejaWiz said:
Oh, and did you read the part where I stated I want to root with CM7, but can't risk it right now since my phone is still under warranty and is for business use?
Click to expand...

warranties schwarienties

do what you need to do to get things done, if you need to do a warranty return flash the stock firmware back, if its dead it doesnt matter whats on it.....
 
When I got my HTC wildfire the first thing I did was to remove root and install the CM7. The HTC version of Android and their HTC sence interface simply is the pits. I had emailed HTC support asking them how I can get rid of "Sense" and they claimed it was a feature that could not be disabled. Now that I know this of this bug, I am really invalidated my warranty.

I am going to advise people not to purchase a HTC handset unless your intention is to put custom firmware on it.
 
HTC Android Phones May Have “Massive Security Vulnerability”
Click to expand...

Isn't the vulnerability called Android? *rimshot*

But seriously, it's not like Google manage to get anything past beta anyway.
 
Windows phone lol

I got an android a little while ago, long story short i will be ordering an iPhone 5.
 
diehard said:
Windows phone lol

I got an android a little while ago, long story short i will be ordering an iPhone 5.
Click to expand...

Good for you, it's a positive step forward to admit you need steve to hold your hand, after all smart phones are pretty complicated these days.:)
 
From what I've been reading its only Sense UI enabled phones (ROMs included I would guess). Now while I did have a Sense enabled ROM my /data/data directory was completely empty. Also I was rooted and just manually deleted HTCLoggers.apk from the /system/app/ location and while my phone did repeatedly display a force close message after dropping the battery and rebooting its fine now and HTCLoggers.apk is gone.
 
It's impossible to void your warranty on an android phone by rooting.... once an SBF is out ;)
 
diehard said:
Windows phone lol

I got an android a little while ago, long story short i will be ordering an iPhone 5.
Click to expand...

It's OK. You don't have to hide your jealous of Windows Phone and how it's the smoothest and most responsive smartphone OS out on the market.

I've seen my friend's iPhone 4 lag when scrolling through e-mails before. Pretty sad. I just assumed every OS was as smooth as Windows Phone when it came to something as simple as scrolling through e-mails.

Geuss not. :cool:
 
The logging built into the stock rom also logs gps location and other sensitive information. Along with logging this stuff the phone will try to send it to a amazon ip which google uses as a cloud data service.
 
azrael.arach said:
The logging is alittle bit more complex then just one system app. With the evo 3d and sensation the logging is embed into almost every app and framework including the calculator, wtf. This is for the Evo 3D but same stuff has been found in all of the newest HTC phones with android on them.

http://forum.xda-developers.com/showthread.php?t=1247108
Click to expand...

From what I was reading on the Android Police site, the logging truly has its claws in just about everything, however the HTCLoggers.apk (/system/apps) is the package that serves this information up (/data/data), if its deleted, there is no way for your phone to serve up or release the information collected.

Again this is only for HTC Stock ROMs & Sense Based ROMs. AOSP based ROMs (CM7 for example) are safe from this vulnerability from what I've gathered so far.
 
nobody_here said:
warranties schwarienties

do what you need to do to get things done, if you need to do a warranty return flash the stock firmware back, if its dead it doesnt matter whats on it.....
Click to expand...

if anything at all happens and its not stock firmware when they get the dead unit back its not covered under the warranty. and there are tons of things that can happen and leave you with no way to get back to the stock firmware.

because of this, you cant really be all that critical of people who dont want to root their device.

personally, the only reason im not rooted as of yet is because i just havnt gotten around to it.... im the kind of person that you really should have no sympathy for lol :p
 
Solidstate89 said:
It's OK. You don't have to hide your jealous of Windows Phone and how it's the smoothest and most responsive smartphone OS out on the market.

I've seen my friend's iPhone 4 lag when scrolling through e-mails before. Pretty sad. I just assumed every OS was as smooth as Windows Phone when it came to something as simple as scrolling through e-mails.

Geuss not. :cool:
Click to expand...

Maybe it was lagging, he probably had some apps still running in the background. We all know there's no apps worth running on WP7.
 
DejaWiz said:
Oh, and did you read the part where I stated I want to root with CM7, but can't risk it right now since my phone is still under warranty and is for business use?
Click to expand...

So is mine on both accounts. Problem comes up with phone, simply flash it back to stock.

harbingerofdoom said:
if anything at all happens and its not stock firmware when they get the dead unit back its not covered under the warranty. and there are tons of things that can happen and leave you with no way to get back to the stock firmware.

because of this, you cant really be all that critical of people who dont want to root their device.

personally, the only reason im not rooted as of yet is because i just havnt gotten around to it.... im the kind of person that you really should have no sympathy for lol :p
Click to expand...

If you can't get the phone to function well enough to tell what is on it, neither can they. If it is physical damage, just smash it a little more to ensure. Point is, there is essentially nothing that can happen that can prevent you from reloading factory and allow them to see it is rooted.
 
Dekoth-E- said:
Gonna be blunt..if you are running an unrooted, unmodded HTC phone then I have little sympathy. Love my Incredible, but that thing ran like complete crap and ate its battery like nobody's business stock. Same seems to apply to most HTC Phones.
Click to expand...

Same here, I love my Incredible but I hate HTC sense. It's almost as if HTC is enticing you to void your warranty by making it so that there is no way sense can be disabled on the Incredible. Sense is literally the only reason I would not consider buying another HTC phone again. CM7 runs great on this phone without all the bloatware.
 
Wow, hard to believe just a year ago HTC was the darling of the world. Now they get caught with this, have buggy software and Samsung has taken the top spot.
 
just another reason to root and flash to a good rom that doesn't use any of the Sense BS
 
Cali3350 said:
Wow, hard to believe just a year ago HTC was the darling of the world. Now they get caught with this, have buggy software and Samsung has taken the top spot.
Click to expand...

Yep and its hard to believe that Samsung has the top spot after the BS they pulled with the craptivate.
 
Ok so I'm a noob in the area of rooting :(:eek:, what is CM7 and where do I get it? Is it hard to root a phone? I have a HTC my touch 4G (Glacier)
Thanks for the help
 
diehard said:
Maybe it was lagging, he probably had some apps still running in the background. We all know there's no apps worth running on WP7.
Click to expand...

Except there's no "running" apps in the background for iOS. It freezes the into RAM just like WP7 does.

The only difference is, WP7 is better. :p
 
qfwm said:
Ok so I'm a noob in the area of rooting :(:eek:, what is CM7 and where do I get it? Is it hard to root a phone? I have a HTC my touch 4G (Glacier)
Thanks for the help
Click to expand...

Just google Cyanogen Mod (CM7) for info on that.

Concerning your phone, google rooting it. Different phones, different experiences.
 
You must log in or register to reply here.
Back
Top