A major security issue affecting some HTC Android models has been discovered by Android Police, a website that has detected Android security flaws in the past. Personal information such as telephone numbers, e-mail addresses and user accounts may be acquired by any application that has access to the Internet. This has resulted from HTC customizing the Android system, therefore other Android devices are unaffected.

The models that have been affected incorporate the new HTCLoggers service, which stores all sorts of information about the phone’s operation inside a number of logs, including personal information. Normally, the user is supposed to be asked to allow an application to access sensitive data, or at least notified in some way. However, a bug inside HTCLoggers allows any application that has permission to access the Internet to read the information stored in the logs, which may include e-mails, logins, passwords, in other words, data that shouldn’t really be stored unless the user decides so. This causes a major concern, as just about any application on Android has access to the net, so there’s a risk of losing private information every time you update your Facebook status.

After the article at Android Police was posted, HTC stated that they were unaware of the issue and would look into it. Later, though, they acknowledged that the vulnerability in the system exists, and confirmed that a patch design to fix the issue was being developed. The models that have been affected are the EVO 3D, EVO 4G and its various versions. About 3 weeks have passed after Android Police’s discovery, but as of now only Sprint (a major U.S. carrier) has stated that a patch is ready. So until everyone else does, the owners of the above mentioned models should be careful when installing application. Try not to install applications from unknown developers, and all should be fine.

Source – Washington Post