Android Security

HTC Android Backdoor Leaks Private User Data

Posted by samzenpus
from the like-a-sieve dept.
Trailrunner7 writes "There is a serious security issue with a variety of HTC Android phones that enables any app with Internet permissions to access a huge amount of private data on the device, including call logs, email addresses, SMS messages, last known GPS location and more. The problem was introduced via an update to the HTC phones that installed a tool called HTCLogger that collects the data."
  • Deja View (Score:5, Informative)

    by AB3A (192265) on Monday October 03, 2011 @11:40AM (#37590216) Homepage Journal

    Didn't we discuss this Yesterday? [slashdot.org]

    • Some of us were not at "work". We missed it.
    • Maybe it's just because I have an EVO 3D, but I really think this one needs to be discussed more often. Preferably on national TV.
    • by Animats (122034)

      Didn't we discuss this Yesterday?

      This points up a classic, unrecognized problem with forum systems - few of them support merging threads.

  • Will this day ever end? Or am I doomed to repeat it forever?

    or it could just be a repost I guess....
  • by Issarlk (1429361) on Monday October 03, 2011 @11:43AM (#37590252)
    ...read Slashdot ?
  • by MarkvW (1037596) on Monday October 03, 2011 @11:44AM (#37590268)

    Phone companies have you sign adhesion contracts when you sign up for their services. In other words, "take it or leave it" contracts. These contracts are incredibly one-sided.

    If the full extent of the agreement is laid out in the contract and the contract is not "unconscionable," the contract will be enforced.

    I suspect that terms of a contract that allow a telephone provider to negligently harm a phone user in ways no phone user could reasonably anticipate would be considered an unconscionable contract.

    That could open the door for money damages.

    The phone companies work hard to get legislation to slam shut your right of access to the courts.

  • ... but wait for tomorrow. Apple's big day will last at least 3 months.
  • This security breach does not appear to affect the iPhone 5 to be released tomorrow.
  • I'm usually skeptical of "GAPING HOLE" stories like this, but the Android Police article referenced in the article provided (link here [androidpolice.com]) clearly demonstrates that this is a serious problem.
    Google or, I think, HTC can just remove the app OTA until they clean this up. I can see why they need SOME of that data (build information, phone information, stack trace, etc), but what are they going to do with SMS messages and call history??
  • Why are there a measly 82 comments in the prior post and this one isn't generating a lot? This is a significant finding, and when this happens on iOS slashdot has 500+ comments. Perhaps the low comment number is because the apple folks aren't as crazy with trolling on android as vice versa?

    • I'm guessing most people take a glance at it, look at their rooted phones not running Sense or running a version of Sense old enough to not have HTC's "update" in it, and then they go on about their lives. I know that the version of VirtuousROM that I'm running doesn't have the apk they mention in the article on it.

      As far as an equivalent iOS issue, aren't you kind of just stuck with it if it's there? I mean, you can't just trivially remove the offending package or change OS or something, can you?
      • by Calibax (151875) *

        What percentage of HTC phone owners actually know how to root their phones and consider it worth the time and effort? I'd take a bet it's way less than 5%, not "most people" as you suggest.

        • What percentage of HTC phone owners actually know how to root their phones and consider it worth the time and effort? I'd take a bet it's way less than 5%, not "most people" as you suggest.

          Exactly.

        • As this is the site eternally waiting for the "Year of Linux on the Desktop," I'd hope it's a lot more than 5%. I'm just excusing why there is less outrage HERE, not around the world.
        • by iluvcapra (782887)

          "HTC phone owners" or "slashdot-reading HTC phone owners"?

          There's this sort of attitude that says that anyone who runs Android accepts the consequences, because it's "open" in this sense and you can read the source and make your own changes. People who run iOS are forced to make a somewhat more authoritarian argument because they don't really have much granular control over what they run on their phone and don't have complete control over the consequences -- and so you end up having big arguments over wet

        • by scot4875 (542869)

          And I'll bet that of the demographic that frequents Slashdot, it's much higher than that; probably "most people" for the context of usual commenters to Slashdot posts.

          --Jeremy

    • by MikeMo (521697)
      I have noticed that bad news about Android devices in general either generates a lot of Apple hate posts or no posts at all. It's like slashdot folks avert their eyes whenever bad news pops up. Note the paucity of bad news about Android on slash in general - it just doesn't make the front page.
    • Didn't you get the memo? It's very cool to dislike Apple, but it's totally not cool to beat up on Android (and by extension, Android vendors). In fact it's so very un-cool that we need to ignore Android related problems - not that there are (or ever will be) any.

      • haha i didn't realize. You're actually correct... the apple posts also generate more hits for slashdot so that explains the apple posts here as well..

    • by Belial6 (794905) on Monday October 03, 2011 @02:00PM (#37591480)
      I suspect the difference is that there is little to discuss. 82 comments is plenty for everyone to see that everyone agrees this is a problem. Whereas when there is a problem on Apple devices, Apple fanboys come out in droves to try and rationalize away the problem.

      If you want to verify this, just review the two threads and see how many people claim it isn't a problem for the people that own the affected phones. Then go to the Apple tracking threads and count the number of people who claim it isn't a problem for people that own the affected phones.

      Honestly, I'm not sure if you are trolling, or if you actually don't see this.
    • by scot4875 (542869)

      I'm thinking a couple of reasons:

      HTC doesn't have nearly the marketshare of the iPhone. It's only one of many players in the Android handset market. A lot of people don't give a shit about HTC's security problems.

      Second, many of us who *do* have HTC phones have installed Cyanogen or some other ROM and it's a non issue. I bought a HTC phone for the hardware, not the software. What they do to fuck up their default OTAs is a complete non-issue to me because I have the freedom to not deal with their default

  • I guess HTC wants to prompt me to root my phone and install a ROM? Cause that's what this finding did.
  • I'm usually too lazy to do things such as rooting, but this (along with a few other things) seriously makes me want to get a custom ROM for my phone.
    Any suggestions for an HTC Incredible 2?
    • Uber nerds like the crazy amount of customization available in cyanogen.

      I enjoyed just plain vanilla android. Clean and simple.

      • by kgoods (971330)
        >>Uber nerds like the crazy amount of customization available in cyanogen.
        >>I enjoyed just plain vanilla android. Clean and simple.

        Or not so much the customization but the more-than-obvious performance boost. I have a HTC Hero, the contract is not up for another 8 months and it was getting painfully slow. Rooted it and installed cyanogen and it's like a new phone. I don't really care so much about the bells and whistles, but the responsiveness has improved so much that I may not even upgrade
        • Is it faster than vanilla android? In my test it didn't seem so...

          • by kgoods (971330)
            Easily... but that could have more to do with the vanilla being 2.1 and cyanogen being 2.3.3. Don't know don't care... happy with it the way it is. ;)
      • When you say vanilla, do you mean the image I got on the phone out of the box?
        Because that's bogged down with all kinds of crap I don't need from verizon and HTC.
    • On an Incredible S (should be the same as 2, just different market and name) if I use AndExplorer (free app) to look into the device /system/app directory I don't see an HTCLogger.apk file. I'm not experienced enough to say this model is not affected for sure, but it looks like the application causing the problem is not installed. This check is very easy to do, so if an experienced Android person can tell whether it's reliable or not it'd be nice.
  • Somehow Apple must be to blame. Android is open source goodness and with so many eyes looking over the code it couldn't have flaws.
    • by wrygrin (128912)

      Somehow Apple must be to blame. Android is open source goodness and with so many eyes looking over the code it couldn't have flaws.

      that may have been intended as stinging sarcasm, but the problem is with a component of HTC's proprietary Sense overlay. that sorta takes any point out of your mockery.

      • It was sarcasm and it was more to the point that people think that Android is better because it's open source but imo it's not that open because of things like Sense so it's slowly losing any sort of benefit to being open source.
    • by dudpixel (1429789)

      um, it's HTC, not Android...but the humour was noted.

      The joke is a little old though...

  • root phone and install LBE privacy guard. Works well it seems. http://lifehacker.com/5807797/lbe-privacy-guard-monitors-and-controls-what-permissions-your-android-apps-have [lifehacker.com]
