Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Slashdot Deals: Deal of the Day - Pay What You Want for the Learn to Code Bundle, includes AngularJS, Python, HTML5, Ruby, and more. ×
Android Privacy Security Your Rights Online

Security Vulnerabilities On HTC Android Devices 97

revjtanton writes "In recent updates to some of its devices, HTC introduced a suite of logging tools that collected information. Lots of information. LOTS. Whatever the reason was, whether for better understanding problems on users' devices, easier remote analysis, or corporate evilness — it doesn't matter." That's because "any app on affected devices that requests a single android.permission.INTERNET (which is normal for any app that connects to the web or shows ads)" on one of these phones can now grab all sorts of interesting bits from the logged data.
This discussion has been archived. No new comments can be posted.

Security Vulnerabilities On HTC Android Devices

Comments Filter:
  • by SuperKendall (25149) on Sunday October 02, 2011 @09:30PM (#37586832)

    Every time you install an app, a list of permissions to be granted is present to the user for their permission. Now, it may be the case that most users just blindly hit "accept," but that's not an OS issue.

    Yes it is. By having a security model that makes it more likely users will accept, that OS has introduced a security flaw.

    A better approach is to grant permission at first time of access to a resource, so that you can make a judgement in context of what the app is asking for. Possibly some permissions should be asked for up front anyway, but not all... And by breaking them apart users would think more about granting them.

Let's organize this thing and take all the fun out of it.