Android app news: Shocking HTC security flaw exposed

Rogue app can easily access all of your personal information

Is your HTC Android handset leaking your personal data like a dripping tap? Security researchers have discovered a worrying flaw that lets any app with internet permissions access your email account, contacts and much more.

Security researchers have uncovered a staggering flaw in some HTC Android handsets which allows malicious apps with internet permissions access to your most precious data.

Reporting his findings to the Android Police blog, Trevor Eckhart has discovered that in recent updates HTC has introduced logging tools that pool important together information on your handset (for some unknown reason...).

As a result, any app on these devices which requests permission to access internet services can then pull a host of information from those files.

For example, crooks could get their dirty little mitts on your accounts, emails addresses and sync status', GPS locations, phone numbers, text messages and system logs from every running application.

Potentially a seemingly harmless game, that requests internet permission could easily claim access to the data that's contained in these files.

The Android police blog also says that "theoretically, it may be possible to clone a device using only a small subset of the information leaked here."

Mr Eckhart claims to have brought this to HTC's attention five days before taking his findings to the blog and heard nothing back from the Taiwanese giant.

The company has now issued a statement to TechRadar saying: "HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken."

Among those handsets believed to be affected are Evo 3D and Thunderbolt.

Link: Android Police (via TechRadar)