Massive Security Vulnerability In HTC Android phones

[tranglos]

After barely a week with my HTC Sensation I knew I would never buy an HTC product again. Now, this will help me remember if I ever think of changing my mind:


Massive Security Vulnerability In HTC Android Devices

[f0dder]

Pretty bad thing, stuff like that really shouldn't happen.

That said, I'm very satisfied with my Desire S.

[Eóin]

I like HTC devices, indeed all my smartphones tend to be HTC. Plus, given their "turn a blind eye" to the hackers policy coupled with their more recent help to the hackers by providing a bootloader unlocker I had thought the company was being pretty darn not evil.

So I must say, this development really disappoints me. Thankfully though, as a user of custom roms (CyanogenMod) it at least doesn't affect me, but is still inexcusable.

[f0dder]

I wonder if it's intentional data-harvesting/back-dooring or just a sign of very, very poor judgment and crap programmers. Given how blatant it is, I almost can't believe it's intentional back-dooring...

[Eóin]

It really does seem too stupid I admit. HTC did make a public response to the data collecting: XDA-Dev - HTC Responds Once Again…, but that was before the security issues were discovered.

[Stoic Joker]

So is this strictly an HTC Android issue?? ...Or is it more that the rest haven't been checked yet?

I ask, as I have an HTC WP7 that I'm a tad leery of at the moment.

[Eóin]

So far it's strictly Android. I believe MS put restrictions on what software manufacturers and carriers can preinstall which would mean tracking apps like this very dodgy HTC android one would have the be vetted by MS, and I bet would not be allowed.

[Stoic Joker]

So far it's strictly Android. I believe MS put restrictions on what software manufacturers and carriers can preinstall which would mean tracking apps like this very dodgy HTC android one would have the be vetted by MS, and I bet would not be allowed.

-Eóin (October 03, 2011, 07:27 AM)

Oh great, so now there is an upside to draconian software policys... *Sigh* ...Sometimes I really wish I was smart enough to give-up.

[Eóin]

I do like that MS put major restrictions on the sort of bloat carriers and manufactures love to add. The popularity of installing "stock" android roms show how annoying the custom UIs to some people out there, myself included.

Nonetheless, that MS went the Apple way of only allowing apps be installed through their marketplace is disgraceful. Honestly I don't understand how such practices don't fall foul of of various regulations to support competitiveness.

[Darwin]

There are some advantages to playing in a walled garden... I have all three major mobile OS's, in their latest incarnations, and do like being able to side-load apps on Android. However, a lot of what I AM able to sideload is DROSS. Also, being forced to use the app store or the marketplace makes updates down the road simpler. I have an office suite that I bought for Android via the developer's website rather than the marketplace and the purchase came with dire warnings about NOT updating via the marketplace but from within the suite itself lest my registration details be wipted out (likewise, if purchasing from the marketplace, users are warned not to update from within the suite itself). I don't really want to have to worry about this, but have to...

[tranglos]

I like HTC devices, indeed all my smartphones tend to be HTC.

-Eóin (October 02, 2011, 04:47 PM)

Yeah, it's a common case of YMMV. Sensation looks really great on paper, and pretty good in reviews, but in practice it's just not a good phone. I can understand some bugs in the OS and the attendant software, but the issues I've had really turned me off. At one point it stopped playing text message notification sound and only a hard reset (i.e., wipe all user data) restored it.

USB connection to the 'puter hardly ever works - you connect it and nothing happens, regardless of settings. It takes about two minutes (!) to establish connection, but often it never connects. When it does connect, it resets (crashes) on disconnect. So forget about using it as your primary music player, transferring files is just too annoying.

I live in a busy city, where coverage is perfect. Put the phone on the table, get four bars (max). Pick it up, display drops to 1 (one) bar. Go somewhere less populated, and I have to reach for my old Nokia to make a call.

The Sensation is the first phone I've ever had that drops calls. When it does connect, sound quality is poor, and too often I can only hear every second word that's spoken on the other end.

It's good for browsing the net (but don't hold it in your hand when you do!), but it's a really poor phone. Easily the worst I've ever had.

YMMV.

[Ath]

I live in a busy city, where coverage is perfect. Put the phone on the table, get four bars (max). Pick it up, display drops to 1 (one) bar. Go somewhere less populated, and I have to reach for my old Nokia to make a call.

The Sensation is the first phone I've ever had that drops calls. When it does connect, sound quality is poor, and too often I can only hear every second word that's spoken on the other end.

-tranglos (October 03, 2011, 09:36 AM)

In such case I'd go back to the shop/service provider, and have the phone replaced, it sounds like it's faulty.

[tranglos]

In such case I'd go back to the shop/service provider, and have the phone replaced, it sounds like it's faulty.

-Ath (October 03, 2011, 09:53 AM)

I could only have it serviced under warranty, but it's the design that's faulty. The back metal plate serves as the antenna and it just plain doesn't work.

[Renegade]

I have an HTC Desire HD, and so far it's been good. Mind you, I'm on Vodaphone, and they're well known for blowing hard, so I attribute the suckiness in connections to Vodaphone, and not the HTC.

It's not perfect, but so far it's ok.

Mind you, my cheapo Nokia is the best phone for reliability that I've ever had. Awesome battery life. Turned it on after 6 months in storage, and it fired right up.

For the security vulnerability... sigh... I can't say I'm all that surprised.

[Eóin]

Here's a followup from HTC

HTC Public Statement:

HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers’ data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.
 
HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly.  During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.

-http://www.xda-developers.com/android/official-announcement-by-htc-regarding-security-vulnerability/

[f0dder]

A followup that says... pretty much nothing.

Are they going to limit their data collecting to a sane level? Or are they merely going to (attempt to) block 3rd party access to the logs?

It hardly seems like they acknowledge they've been doing anything wrong O_o

[Stoic Joker]

Oh I don't know, I thought this line made their position rather clear:

A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws.

-HTC Public Statement

Translation: Don't worry kids, it's naughty so no one will actually do it.

Seriously weak stance if I ever saw one..