Forgot your password?
typodupeerror
Android Government Security Windows Your Rights Online

FTC to HTC: Patch Vulnerabilities On Smartphones and Tablets 111

Posted by timothy
from the tla-envy dept.
New submitter haberb writes "I always thought my HTC phones were of average or above average quality, and certainly no less secure than an vanilla Android install, but it turns out someone was still not impressed. 'Mobile device manufacturer HTC America has agreed to settle Federal Trade Commission charges that the company failed to take reasonable steps to secure the software it developed for its smartphones and tablet computers, introducing security flaws that placed sensitive information about millions of consumers at risk.' Perhaps this will push HTC to release some of the ICS upgrades they promised a few months ago but never delivered, or perhaps the reason they fell through in the first place?"
This discussion has been archived. No new comments can be posted.

FTC to HTC: Patch Vulnerabilities On Smartphones and Tablets

Comments Filter:
  • Bad summary. (Score:4, Informative)

    by msauve (701917) on Saturday February 23, 2013 @09:01PM (#42992713)
    Granted, HTC was late in delivering ICS to the Thunderbolt. But, contrary to the summary's claim and link ("upgrades they promised a few months ago but never delivered"), it was in fact delivered - a few weeks ago.
  • Re:Bad summary. (Score:5, Informative)

    by icebike (68054) on Saturday February 23, 2013 @09:11PM (#42992763)

    Right. Why do summary writers always try to force the story toward their pet peeve.

    Further this FTC settlement had NOTHING to do with what version of Android was installed, but rather the diagnostics and monitoring applications they had installed, mostly at the carriers request.

    Both "Carrier IQ", something demanded by carriers, till they got caught, and "Tell HTC" a bug reporting software, ended up leaving logs on the phone that contained private data in clear-text, and transmitted that data to the carriers or to HTC in un-encrypted format. It also had to do with the handling of that data once it was delivered to the carriers and more specifically to HTC.

    Why the summary writer had to make it about something else is beyond me.

  • by tuppe666 (904118) on Saturday February 23, 2013 @10:38PM (#42993137)

    HTC is the only company who sells Android phones that I'd consider buying. Too bad Android apparently has issues with security updates / etc. Sure, blame the vendor... But this seems to be a prevalent problem with Android based phones.

    Lets have a little look at security on the iPhone...hmmm you can just fiddle with the power button and making an emergency call then immediately hang up, and it bypasses the passcode.

    Perhaps you would have been better with a HTC phone after all ;)

  • Re:Bad summary. (Score:4, Informative)

    by anagama (611277) <obamaisaneocon@nothingchanged.org> on Saturday February 23, 2013 @11:38PM (#42993405) Homepage

    To be clear, this is what the vulnerability did:

    Let me put it another way. By using only the INTERNET permission, any app can also gain at least the following:

            ACCESS_COARSE_LOCATION Allows an application to access coarse (e.g., Cell-ID, WiFi) location
            ACCESS_FINE_LOCATION Allows an application to access fine (e.g., GPS) location
            ACCESS_LOCATION_EXTRA_COMMANDS Allows an application to access extra location provider commands
            ACCESS_WIFI_STATE Allows applications to access information about Wi-Fi networks
            BATTERY_STATS Allows an application to collect battery statistics
            DUMP Allows an application to retrieve state dump information from system services.
            GET_ACCOUNTS Allows access to the list of accounts in the Accounts Service
            GET_PACKAGE_SIZE Allows an application to find out the space used by any package.
            GET_TASKS Allows an application to get information about the currently or recently running tasks: a thumbnail representation of the tasks, what activities are running in it, etc.
            READ_LOGS Allows an application to read the low-level system log files.
            READ_SYNC_SETTINGS Allows applications to read the sync settings
            READ_SYNC_STATS Allows applications to read the sync stats

    http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt-others-exposes-phone-numbers-gps-sms-emails-addresses-much-more/ [androidpolice.com]

    Note the date of that article. (!)

Lisp Users: Due to the holiday next Monday, there will be no garbage collection.

Working...