HTC Android smartphones, such as the Evo 3D, Evo 4G, Sensation and Thunderbolt, may have a security flaw that would allow hackers to control the phones remotely.
The flaw was created by HTC when the company installed a "suite of logging tools" on the phone to collect information, Android Police reported on its site. But download any Android Market app, OK permissions and any app will easily get a treasure trove of information, such as:
•List of user accounts, including email addresses and sync status for each last known network and GPS locations and a limited previous history of locations
•Phone numbers from the phone log
•SMS data, including phone numbers and encoded text
•System logs (both kernel/dmesg and app/logcat), which includes everything your running apps do and is likely to include email addresses, phone numbers, and other private info.
Yikes! Artem Russakovskii from Android Police said, "It's like leaving your keys under the mat and expecting nobody who finds them to unlock the door." It's also possible that unscrupulous people could clone your phone -- or essentially use another phone posing electronically as yours.
HTC is investigating the claims but so far has no verification that it's occurring, VentureBeat reported.
Users are cautioned not to download apps from places other than the official Android Market. While the developers still can get all your information, it's less likely they will use it for nefarious purposes, Russakovskii said. We say go one step further and don't download anything new for the next day until HTC can unequivocally say that there is no security breach.
