Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

 



Forgot your password?
typodupeerror
Android Privacy Security Your Rights Online

Security Vulnerabilities On HTC Android Devices 97

Posted by timothy
from the bit-of-an-oopsie dept.
revjtanton writes "In recent updates to some of its devices, HTC introduced a suite of logging tools that collected information. Lots of information. LOTS. Whatever the reason was, whether for better understanding problems on users' devices, easier remote analysis, or corporate evilness — it doesn't matter." That's because "any app on affected devices that requests a single android.permission.INTERNET (which is normal for any app that connects to the web or shows ads)" on one of these phones can now grab all sorts of interesting bits from the logged data.
This discussion has been archived. No new comments can be posted.

Security Vulnerabilities On HTC Android Devices

Comments Filter:
  • by SuperKendall (25149) on Sunday October 02, 2011 @09:30PM (#37586832)

    Every time you install an app, a list of permissions to be granted is present to the user for their permission. Now, it may be the case that most users just blindly hit "accept," but that's not an OS issue.

    Yes it is. By having a security model that makes it more likely users will accept, that OS has introduced a security flaw.

    A better approach is to grant permission at first time of access to a resource, so that you can make a judgement in context of what the app is asking for. Possibly some permissions should be asked for up front anyway, but not all... And by breaking them apart users would think more about granting them.

"Ignorance is the soil in which belief in miracles grows." -- Robert G. Ingersoll

Working...