Security Vulnerabilities On HTC Android Devices
revjtanton writes "In recent updates to some of its devices, HTC introduced a suite of logging tools that collected information. Lots of information. LOTS. Whatever the reason was, whether for better understanding problems on users' devices, easier remote analysis, or corporate evilness — it doesn't matter." That's because "any app on affected devices that requests a single android.permission.INTERNET (which is normal for any app that connects to the web or shows ads)" on one of these phones can now grab all sorts of interesting bits from the logged data.
I'm keeping my Windows Mobile 6.5 Device... (Score:1)
No one wants to track us!!
Re: (Score:1)
but that the modern phone OSs are too cloud based
I stopped reading right there. Now go home and ask your daddy how operating systems work.
Re: (Score:2)
Ah, dueling ACs. Can you hear the tuba?
FTFY [youtube.com]
Re: (Score:2)
Untrusted apps? You mean I can't trust my cute little Bonzi Buddie? Shame on you, you nasty paranoid person! :)
Fix (Score:5, Interesting)
Re:Fix (Score:4, Informative)
There is no problem with "the permissions."
There is an app that runs as root (which means it effectively has all permissions), and it publishes all kinds of data on a TCP port. Anything that can connect to it can just ask for whatever data it wants.
The fix is to get rid of that app, or at least make it not expose that data on that port (which requires editing the app source, and which seems pointless since the only purpose of the app seems to be to bypass the normal permissions model).
Apps that run as root can do whatever they want to - don't like it, don't run the app. That's why generally speaking you shouldn't run random apps as root.
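The condition described in the comment above, a root-owned process listening on a TCP port that any local app holding android.permission.INTERNET can connect to, shows up in the kernel's socket table. The following is an added example, not part of the original thread and not HTC's code: it parses `/proc/net/tcp` text (IPv4 only, little-endian device assumed) and flags listening sockets owned by uid 0. The sample table, its ports and UIDs, and all function names are constructed for illustration.

```python
"""List listening IPv4 TCP sockets from /proc/net/tcp text; flag root-owned ones."""
import ipaddress
import struct

TCP_LISTEN = 0x0A        # value of the "st" column for a listening socket
FIRST_APP_UID = 10000    # Android assigns installed apps UIDs from 10000 up

# Constructed sample in /proc/net/tcp layout. Addresses, ports, UIDs and
# inodes are made up for illustration and are not taken from any HTC device.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:FDE8 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0000000000000000 100 0 0 10 0
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10057        0 1388 1 0000000000000000 100 0 0 10 0
   2: 0100007F:2328 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1422 1 0000000000000000 100 0 0 10 0
   3: 0F02000A:A3D2 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000 10057        0 1501 1 0000000000000000 20 4 30 10 -1
"""


def owner_class(uid):
    """Coarse owner label derived from the socket's uid column."""
    if uid == 0:
        return "root"
    return "system" if uid < FIRST_APP_UID else "app"


def reach(ip):
    """Who can connect to a socket bound to this local address."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback (any local app)"
    if addr.is_unspecified:
        return "all interfaces (local apps and network)"
    return "one network interface"


def parse_listeners(text):
    """Return one dict per listening socket found in /proc/net/tcp text."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows start with "<n>:"; this skips the header and blank lines.
        if len(fields) < 10 or not fields[0].endswith(":"):
            continue
        if int(fields[3], 16) != TCP_LISTEN:
            continue
        addr_hex, port_hex = fields[1].split(":")
        # The kernel prints the address as a host-order 32-bit hex word, so on
        # a little-endian device 127.0.0.1 appears as 0100007F.
        ip = str(ipaddress.ip_address(struct.pack("<I", int(addr_hex, 16))))
        uid = int(fields[7])
        found.append({"ip": ip, "port": int(port_hex, 16), "uid": uid,
                      "inode": int(fields[9]), "owner": owner_class(uid),
                      "reach": reach(ip)})
    return found


def root_listeners(text):
    """Listening sockets owned by uid 0: the case the comment warns about."""
    return [s for s in parse_listeners(text) if s["uid"] == 0]


if __name__ == "__main__":
    for s in parse_listeners(SAMPLE):
        mark = "FLAG" if s["uid"] == 0 else "    "
        print(f'{mark} {s["ip"]}:{s["port"]} uid={s["uid"]} '
              f'({s["owner"]}) reachable via {s["reach"]}')
```

On a device, the same functions can be run over the output of `cat /proc/net/tcp`; mapping a flagged inode back to a process name needs access to that process's `/proc/<pid>/fd` entries.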
Re:Fix (Score:4, Interesting)
A major vendor is shipping a 'diagnostic' application so fucked that it might as well be a rootkit on a large-but-not-precisely-known number of devices expected to be connected to the internet and in possession of relatively juicy information for most of their operational lives, and nobody in the chain decided that this was maybe a bad idea until 3rd parties discovered it and wrote it up...
This suggests that HTC's "Sense" team might not have any.
Re: (Score:2)
Well, clearly this is a major security issue and should be fixed ASAP - not that I'm holding my breath.
It would be like a linux distro spawning a root bash listening on some random TCP port. There isn't anything wrong with the linux security model per se - it just doesn't prevent the people configuring the distro from shooting themselves (or more importantly their users) in the foot...
Block localhost?? (Score:2)
I can't see where a separate permission to allow localhost access would help at all. For one thing, how many people would know what that meant - at all? They would just mentally lump it with the internet permission if anything anyway.
For another, I can imagine there are some valid uses of connecting to a local port, possibly even some kind of IPC thing for a single application that has multiple components.
Re: (Score:2)
Architecturally, though, I think that there would be a case to be made that "localhost only" and "internet only, excluding localhost" are logical subdivisions (not mutually exclusive, an application could request both); because many applications need only communication with remote hosts, and aren't necessarily to be trusted crawling over localhost behind the firewall, and others might have a legitimat
Re:Fix (Score:5, Informative)
One silver lining at least is that
HTC is one of the very few hardware manufacturers that does provide official instructions for rooting [htcdev.com] your own device.
Re: (Score:2)
I have Terminal Emulator. I cd to /system/app , and ls tells me there's no HTCLoggers.apk . Is it hidden somehow? I think the phone is up to date with all offered updates. Is there any way to test whether this little bugger is actually installed on my phone?
Re: (Score:3)
If you are rooted, you can use Titanium Backup to uninstall HTC Loggers or you can manually delete HTCLoggers.apk from /system/app/.
If you are rooted you can just install Cyanogenmod and forget about it.
Cyanogen Mod (Score:4, Interesting)
Even more reason to root and flash with CyanogenMod [cyanogenmod.com] or other custom firmware of your choice.
Re: (Score:2)
Problem is, you lose HTC Sense, which is one of the best UIs for Android.
Re: (Score:2)
I recently installed cyanogenmod on my HTC Sensation... specifically to get rid of the Sense UI.
Re: (Score:2)
What else do you lose if you root an HTC (Evo Shift 4G) and replace with CyanogenMod or some other comprehensive Android OS?
Re:Cyanogen Mod (Score:4, Informative)
You don't lose SenseUI from *rooting*, you lose SenseUI from replacing its stock ROM with most community Android builds. The main complaint today about most factory ROMs is that there's no graceful way to pick and choose what you want to keep. To a very, very large extent, you can either poke around and rearrange the furniture a bit (leaving most of the original stuff in place), or you can blow it all away and end up with something that often isn't quite as polished or pretty as what you had before.
The main problem is that the Android team largely left it up to manufacturers to implement core stuff like the Dialer app, and never formally defined how a "Dialer" should interact with a "Phonebook" or "Calendar". So what happens is that someone makes a custom ROM, tries tweaking the Dialer, discovers he can't, blows it away and replaces it, then discovers that it can't seamlessly integrate with anything else on the phone because it doesn't know how to interact with the phonebook or calendar. SO... he reverse engineers the phonebook and calendar on HIS phone, gets it to work with his Dialer of choice, then others try to use it and it blows up on their phones because the phonebook and calendar on THEIR phones communicates in a different way than the phonebook and calendar on HIS phone.
THIS is what people really mean when they talk about Android's "fragmented" frameworks -- there's no official standard for how a modular and extensible dialer app should work or interact with the rest of the system, so every new Dialer ends up being specific to a very small specific group of phones, and version upgrades that upgrade the Dialer app end up breaking everything that was based on the old version's reverse-engineered behavior. SenseUI does things one way, Touchwiz does things another, Motoblur does them a third, and AOSP is off in its own world with several other ways for different families of Dialers+phonebooks to interact with each other and the rest of the world.
I believe one of Google's goals for ICS has been to formally define aspects of the "phonebook/contacts/schedule" system and standardize the intents, so that at least going forward manufacturers who properly implement them will have phones that can be incrementally tweaked without having to blow everything away and throw the baby out with the bathwater the way you (mostly) do now.
Re: (Score:2)
Is there at least a grid or DB somewhere of phones vs firmwares that indicates which OEM features are covered, and perhaps by which optional replacement? I thought phone fans were obsessive about collecting those kinds of details about the objects of their fetish.
Re: (Score:2)
The problem is that it's hard enough to keep track of all the different Android builds available for *your own* phone, and possibly its close cousins, without even thinking about trying to do it for other brands too. Just look at the forums for Cyanogen. The guys trying to port to Samsung phones can barely carry on a coherent conversation with the guys who've ported it to HTC phones, because their stock firmware is so architecturally different. You'd think they'd be similar because they're all ARM-based,
Re: (Score:2)
> You'd think they'd be similar because they're all ARM-based, overwhelmingly use Qualcomm radio chipsets, and all theoretically run Android... but software-wise the differences start at the kernel and device drivers, and just explode from there.
Now you understand why Samsung just hired Steve Kondik, founder of the Cyanogenmod project. They need someone like him very badly. Besides I, for one, won't consider a device if I can't get rid of the stock firmware and put Cyanogenmod (or another decent third-party ROM) on it. If nothing else, I simply do not trust the vendors and the carriers to play straight with me on the operating system.
You also have to give a lot of credit to the Cyanogen crew, when you look at the sheer number of supported device
Re: (Score:2)
So which rooted firmware would you install on an HTC Evo Shift 4G, that would still run every app in the Android Market (and probably any other app, including ones I make myself with the SDK)? I really don't love the HTC Sense "desktop", but I don't want to live in some fork where every app I install has me second-guessing the firmware choice. And I certainly don't want to live with HTC's attacks like this one - which is a sign of things to come from HTC.
Re: (Score:2)
Yeah, I agree about HTC: that's too bad. I don't know if they've just gone "evil", or if this is an example of the known-evil carrier influence, but I stopped running stock firmware on any of my p
Re: (Score:2)
For the sake of accuracy, the only carrier known to have ever done that in the US is AT&T, and they appear to have quit doing it for new phones going forward from the Infuse, and supposedly are unlocking older phones as they roll out periodic updates over the next few months. Now, whether AT&T will KEEP leaving them unlocked if it loses its fight to buy T-Mobile, and quits trying to publicly pretend that it's non-Evil, is anybody's guess.
Re: (Score:2)
Will Sprint know that I've rooted my phone? How about if I enable WiFi hotspot on an unlimited data 4G phone... other than by auditing my total consumption and inferring? If they do guess, will I have violated some contract, or even just given them an excuse to cancel my contract?
If not, it seems there's practically nothing to lose except the HTC SenseUI, which seems worth losing. And in its absence, perhaps inspiration to write a different GUI shell myself, or with others.
Re: (Score:2)
> Will Sprint know that I've rooted my phone? How about if I enable WiFi hotspot on an unlimited data 4G phone... other than by auditing my total consumption and inferring? If they do guess, will I have violated some contract, or even just given them an excuse to cancel my contract?
> If not, it seems there's practically nothing to lose except the HTC SenseUI, which seems worth losing. And in its absence, perhaps inspiration to write a different GUI shell myself, or with others.
Well, right now I have six different so-called "home apps" loaded on my G2. Some are variants of the stock launcher, others are completely and totally different. Sometimes I switch between them depending upon what I'm doing.
Re: (Score:2)
> For the sake of accuracy, the only carrier known to have ever done that in the US is AT&T
Okay, I'll take your word for that. I've never had a smartphone on anything other than T-Mobile at this point. On the other hand, even T-Mobile disallowed tethering apps early on (my first Android device was the venerable G1.) They eventually did a complete about-face on that score, and I haven't had any grief about non-Market apps or tethering or, well, anything else really. Which is why I was very upset when I first heard about the buyout.
The upper management of AT&T (or rather, SBC) should be in i
Re: (Score:2)
Well, strictly speaking, they didn't "block" them, they just didn't allow them to be shown in Android Market. They made it non-easy for unsophisticated users, but didn't actually make it *hard* for regular users the way AT&T did.
Now, if they started poisoning DNS to make their domain appear to be invalid, or started to actually intercept and mangle http requests to their web site, that would be much more incrementally-evil and condemnation-worthy. On a scale of 1 to 10:
Filtering from Android Market: 2
DN
Re: (Score:3)
> Now you understand why Samsung just hired Steve Kondik, founder of the Cyanogenmod project.
> They need someone like him very badly.
You're absolutely right. Actually, Steve will help Samsung a lot, because for basically the cost of one happy full-time employee, they've effectively outsourced the long-term maintenance of their phones' firmware to dozens to hundreds of enthusiastic, highly-skilled unpaid volunteers (many of whom would be VERY expensive to hire for real as full-time employees). Samsung
Re: (Score:2)
I am very pleased that my post gave you two an excuse to discuss this subject so informedly and insightfully. Thanks for sharing it with me - and with us :).
Re: (Score:2)
> So which rooted firmware would you install on an HTC Evo Shift 4G, that would still run every app in the Android Market (and probably any other app, including ones I make myself with the SDK)? I really don't love the HTC Sense "desktop", but I don't want to live in some fork where every app I install has me second-guessing the firmware choice. And I certainly don't want to live with HTC's attacks like this one - which is a sign of things to come from HTC.
Re: (Score:3)
> Is there at least a grid or DB somewhere of phones vs firmwares that indicates which OEM features are covered, and perhaps by which optional replacement? I thought phone fans were obsessive about collecting those kinds of details about the objects of their fetish.
This [communityrelease.com] may be helpful to you.
Re: (Score:2)
Ah - would you limit your replacement firmware choice to what that form shows is available for a given phone/orig-OS?
Re: (Score:2)
> Ah - would you limit your replacement firmware choice to what that form shows is available for a given phone/orig-OS?
That's just one list and not all-inclusive. There are lots of third-party ROMs. Once you have your phone rooted, you can download a program called ROM Manager from the market: it will install a custom recovery partition and allow you to back up and restore your existing OS and applications, and will flash a number of the most popular mods, including Cyanogen and MIUI. It will only show ROMs that are compatible with your particular device.
Re: (Score:2)
Reading the other replies in this thread, it seems that nothing else is lost, and much is gained - if you don't mind being unconventional.
Re: (Score:2)
> Problem is, you lose HTC Sense, which is one of the best UIs for Android.
In that case try one of the Virtuous Sense ROMs. They work very well, but in my case I have a T-Mobile G2, so I had to install the engineering bootloader in order to re-partition my flash to allow enough space for the OS. I ended up deciding that Sense wasn't for me anyway, and went back to my Cyanogenmod.
Re: (Score:2)
Nah, I've had my fill of Android for the time being - I'm going back to the iPhone later this week.
Thanks for the suggestion tho, I hope it helps someone else reading this thread!
Re: (Score:2)
Awww did someone get all offended at the thought that someone dislikes their Android experience enough to go back to Apple? Poor poor you, don't worry, it will soon pass.
Re:Cyanogen Mod (Score:4, Interesting)
(Sorry for using biased language, but I think that denying a user control over hardware they own, especially by an open source project, is just asinine.)
Re: (Score:1)
Thanks for pointing me to this one, I *was* on the verge of buying a new phone, and the Android beasties looked tempting especially after a bit of rooting, but hey, I've been happy with 'dumb' phones up till now, I think I'll stick with them..
I have to ask the question that the developer of the patch sort-of asked, wtf is Android doing exposing the device IMEI number, SIM serial numbers and files, contents of Contacts lists and SMS message stores, etc to any sort of app for in the first instance? (well, he
Re: (Score:2)
Well, in the first place, an app has to demand access, and receive permission from the user before it can access such things. Every time you install an app, a list of permissions to be granted is presented to the user for their permission. Now, it may be the case that most users just blindly hit "accept," but that's not an OS
YES it is an OS issue (Score:5, Insightful)
> Every time you install an app, a list of permissions to be granted is presented to the user for their permission. Now, it may be the case that most users just blindly hit "accept," but that's not an OS issue.
Yes it is. By having a security model that makes it more likely users will accept, that OS has introduced a security flaw.
A better approach is to grant permission at first time of access to a resource, so that you can make a judgement in context of what the app is asking for. Possibly some permissions should be asked for up front anyway, but not all... And by breaking them apart users would think more about granting them.
Re: (Score:3)
I suspect that "their" motive is to keep their options open, and they're not going to get job offers from phone vendors by making it harder to monetize the platform. Steve is now employed by a phone vendor so I doubt he'll ever shake things up that much.
There are now 3rd-party apps that will block these APIs, which makes me less annoyed with Android.
Android is FOSS, so you could always make a "PrivacyMod" distro that just tracks CyanogenMod but adds a few patches like these sorts of things. That would be
The mind is willing (Score:2)
Seems to be a mind is willing, but the flesh is weak situation with the droid devices. Certainly the permissions model makes lots of sense for the type of device, but the implementations are wanting.
Why even bother specifying INTERNET perms? (Score:2)
Seriously, why bother - users don't actually care whether an app needs internet access or not, they just use the app anyway. For example, I've developed an app that doesn't require internet access, yet it is still less popular than a similar app (which has less functionality) that happily uploads your private data to its servers.
Honestly, if the users themselves don't mind sending something like their menstruation data to a third-party, why bother with an app that guarantees privacy? The privacy apps will just
Re: (Score:2)
Work has provided me with an Android phone, so I've been looking through the Applications, and most of 'em I won't install because the appli
Re: (Score:2)
There's not going to be a way to disable a permission without the app that tries to get it noticing that it's disabled, when that app tries to exercise that permission and the function fails. But so what? We should be able to deny the permission in the OS, but still install the app that wants the permission. Then that function will fail. And the app will either not do what we want, in which case we'll either keep it or not, either give the permission or not, either contact the app distributor/author or not.
Re: (Score:1)
> There's not going to be a way to disable a permission without the app that tries to get it noticing that it's disabled, when that app tries to exercise that permission and the function fails. But so what? We should be able to deny the permission in the OS, but still install the app that wants the permission. Then that function will fail. And the app will either not do what we want, in which case we'll either keep it or not, either give the permission or not, either contact the app distributor/author or not.
Well, if it doesn't work the first time, the user would probably just look for a new one, and the popularity of privacy-respecting apps to non-privacy-respecting apps will at least change. And many users, given an allow/cancel dialog like "this application is attempting to access the internet, should it?" every time the app is started, would probably look for a new app. From my experience with phone users downloading my app, if it doesn't work they don't even bother telling you, they just move on.
So, this sch
Re: (Score:1)
Cyanogenmod can do this if you enable some of the advanced features. Once the app is installed you can go in where you view the permissions it needs and toggle some of them off. Badly designed apps may crash, but most stuff I've done it to has happily continued running.
Re: (Score:2, Interesting)
> Cyanogenmod can do this if you enable some of the advanced features. Once the app is installed you can go in where you view the permissions it needs and toggle some of them off. Badly designed apps may crash, but most stuff I've done it to has happily continued running.
True. And if you're still concerned, run Droidwall. I do ... if an app has no need for Internet it goes in the blacklist. If it then fails to run because of some stupid license check, or just the dev being a dick and insisting that his app get out whenever it wants, it gets uninstalled.
Re: (Score:2)
Your point is mostly true, but I think there are legitimate cases to call out internet permissions. I have installed a password manager that doesn't have internet permissions. If it did have it, then it could send the passwords to an internet server someplace. So I honestly checked that the program did not have internet permissions, and would not have installed it if it did have them.
My point is fully true - I went to the android market now and did a search for "password manager" - of the first five (ordered by relevance) results, only ONE (Yes, you read that correctly) does not allow internet access. Let's call them A, B, C and D and see how they compare:
A - internet access required, 100k to 500k installs
B - no internet access required, 10k to 50k installs
C - internet access required, 100k to 500k installs
D - internet access required, 10k to 50k installs
E - internet access requi
Re: (Score:2)
The trouble is that any app that shows ads, requires internet access to get the ads.
One of the major revenue streams in the android market are those ads as android users are much less likely to pay for an app.
What Google needs to do is separate the ad internet connection from any other internet connection.
Re: (Score:3)
You know that sounds like a solid idea, but I scratch my head at the specific implementation of it. If you say that internet connections for ads are a separate permission, then would Google maintain a white list of ad providers? And then for ad providers, there'd need to be some policing to check that info going to the ad servers doesn't contain personal info.
Maybe the way to handle it is to have a separate Android OS advertising API that manages the request sent to an ad provider, disallowing any possibili
Re: (Score:3)
If you want more assurance that your passwords aren't leaked to the internet, don't install any other application with internet permission from the same developer. Two apps can share files if they are signed with the same key. The password application can still send the passwords to any other installed application using Intents too.
Re: (Score:2, Interesting)
All users will happily allow something like "Angry Birds" to have internet access, even though it is obvious that it doesn't need it.
[snipped]
The few people who don't like those ads go to the Amazon Appstore for Android and get the pay version of Angry Birds - no more ads.
You just made my own point for me - the paid version of Angry Birds on the amazon app store needs internet access (I just checked!).
Why? It clearly isn't for ads, perhaps it's for DLC???
Many reasons (Score:3)
> Why? It clearly isn't for ads, perhaps it's for DLC???
Even though I'm not sure exactly what Angry Birds on Android needs (aside from DLC which I know they do regularly), I can think of a lot of reasons why pretty much any game would want internet permissions:
* Highscores
* Achievements
* Reduce level size on device
* Tweeting to friends about game (yes, many games integrate with social networks).
* web pages with game help material that you wanted to be able to keep more dynamic.
* news feed for game users
Email the shame. (Score:2)
Deleting This Attack (Score:2)
How do I delete this new attack from HTC? If I can't just delete it, but instead I have to root the phone and install an Android OS not from HTC or my carrier, where is the complete list of what I'll lose when I do so? And instructions for doing it?
And where's the NY attorney general phone#, so I can report this hellish violation of any contract I had with HTC, and general privacy invasion?
Re: (Score:2)
I'm asking the people reading this specific discussion, many of whom actually know something. Which is what real people do when having a conversation: ask each other for insights.
Unlike you, Anonymous idiot Coward, who has nothing to offer. What a loser you are that you think you're funny offering some lame old joke link. Why not offer some goatsex instead? Twit.
Re: (Score:1)
Who is the bigger fool: the fool, or the fool who replies to his troll post?
Reason not to use mobiles for authentication. (Score:1)
Good thing Android is open (Score:2)
N/C
Bravo (Score:2)
Good Job HTC.