If you’ve got an HTC Android device, you may want to consider sending an angry email HTC’s way. It will go nicely with all of the others that they’re likely getting after it was discovered that a bug in a recent patch allows third-party apps to access a veritable treasure trove of your personal data.
Here’s the thing. Companies record your data. This is a fact of life, if you enjoy free stuff. Now, in general we have an uneasy alliance with companies that collect anonymous data. It turns out that HTC has gone one step further than the typical data collection. A suite of logging tools from HTC has access to a ton of info including call logs, SMS data, account info, and last known network and GPS locations. For some reason, people who aren’t HTC are able to query these tools for that information if they have a single permission on your phone.
That permission, in dev-speak, is android.permission.INTERNET.
If that sounds pretty broad, that’s because it is. android.permission.INTERNET is the permission that an app requests when it wants to…well….get on the internet. This is almost all apps on the Market right now. Including most legitimate apps. While it’s unlikely that Facebook, Amazon, IMDb, Netflix, or any of the other respectable apps out there are going to start logging on and downloading your GPS location, your ability to distinguish between a legitimate app and a shady one just got a lot harder.
This is an insanely serious security bug. If you’re using an HTC device, you’d do well to root your device now and remove the htcloggers package. And then let HTC know just how pissed you are that your trusty device isn’t so trustworthy anymore.