Video Shows How HTC Android Phones Leak Private Info ‘Left and Right’
- Posted on October 3, 2011 at 12:15pm by
Liz Klimas
- Print »
- Email »
HTC's Evo 4G (Photo: Engadget)
HTC’s EVO 3D, EVO 4G and Thunderbolt Android phones are apparently at major risk for leaking your private information. Why? Artem Russakovskii reports for Android Police, “because HTC set their snooping environment up this way.”
According to Android Police, any app that connects to the Internet or shows an ad can access your user accounts (like email addresses), GPS locations and previous location history, phone numbers, and other private information. And that’s because any app installed on one of these HTC phones is given “permission” to access a host of the phone’s information:
Normally, applications get access to only what is allowed by the permissions they request, so when you install a simple, innocent-looking new game from the Market that only asks for the INTERNET permission (to submit scores online, for example), you don’t expect it to read your phone log or list of emails.
[...]
I’d like to reiterate that the only reason the data is leaking left and right is because HTC set their snooping environment up this way. It’s like leaving your keys under the mat and expecting nobody who finds them to unlock the door.
Artem Russakovskii writes that by using Internet permission, any app on certain HTC phones can gain access to information in these categories. (Image: Artem Russakovskii/Android Police)
The data is collected through the HtcLoggers.apk app, which is capable of transferring the aforementioned private information to third-party individuals who connect to it — no password necessary:
Yup, not just HTC, but anyone who connects to it, which happens to be any app with the INTERNET permission. Ironically, because a given app has the INTERNET permission, it can also send all the data off to a remote server, killing 2 birds with one stone permission.
To prove HTC devices were capable of collecting all the information as stated, Trevor Eckhart created an app that requests INTERNET permission and then shows the data being collected. Watch him explain here:
Eckhart contacted HTC with these flaws and after receiving no word from them, decided to go public with the information. According to The Tech Herald, HTC has said: “HTC takes our customers’ security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we’re able to determine the accuracy of the claim and what steps, if any, need to be taken.”
Popular Stories
Paper Details Obama Admin’s Alleged Secret Note Sent to Iran: If Israel Attacks, We Won’t Get Involved 591 Comments
‘Made Up Religion’: TV Historian Enrages Muslims, Receives Threats After Producing UK Documentary Questioning Islam’s Beginnings 415 Comments
This Is the Creationists‘ Response to Scientist Bill Nye’s Viral Pro-Evolution Video Claiming They Harm Children 415 Comments
President Obama Issues Major ‘Green Energy’ Executive Order 379 Comments
Roseanne Barr: Most Billionaires ‘Violent Pedophiles’ & ‘Heartless’ Cocaine Addicts 376 Comments
Faith
- This Is the Creationists‘ Response to Scientist Bill Nye’s Viral Pro-Evolution Video Claiming They Harm Children 415 Comments
Pakistani Muslim Cleric Accused of Framing Disabled Christian Girl in Koran-Burning Case Read More- ‘Made Up Religion’: TV Historian Enrages Muslims, Receives Threats After Producing UK Documentary Questioning Islam’s Beginnings 415 Comments
Meet the Controversial German Imam Accused of Brutally Beating His Wife & Pushing Sharia Law Read More
‘Self-Proclaimed Messiah’ & Unification Church Leader the Rev. Sun Myung Moon Has Died — Here’s His Life Story Read More
Business
- President Obama Issues Major ‘Green Energy’ Executive Order 379 Comments
- Germany’s Upcoming Court Ruling Will be Huge for the EU Read More
Ford Looks to Beat Toyota for Best-Selling Car in 2012 With This Model 151 Comments
Bernanke & QE3: Here’s What You Need to Know 100 Comments- ‘Extortion’: Why Did the Labor Department ‘Drop the Hammer’ on Oregon Farmers? 303 Comments
Technology
- This Is the Creationists‘ Response to Scientist Bill Nye’s Viral Pro-Evolution Video Claiming They Harm Children 415 Comments
‘TaserDrone’: Hackers Weaponize Quadcopter With Actual ‘Shocking’ Technology Read More
Ever Heard of the Wild ‘Burning Man’ Festival in the Middle of the Nev. Desert? Here’s Your Primer Read More
Stanford Develops Technology ‘Better Than Steroids’ for Athlete Recovery Read More
Have You Pretended to Know What ‘the Cloud’ Is? You’re Not Alone Read More
Submitting your tip... please wait!
Comments (45)
macpappy
Posted on October 4, 2011 at 12:04amFor all the warning messages and pop up dialog boxes, I find the Windows Phone 7 the secure way to use a smart phone. It seems that all those pop ups and warnings are for permissions to allow access to your info. You can stop your info from being used with Windows Phone.
Report Post »mamachihuahua
Posted on October 4, 2011 at 12:34amAs if they didn’t know about this, they have to investigate it. Come on, do we look that stupid? Anyone who looks thru their phone security has seen all the permissions HTC allows. Time for them to really care about customer security.
Report Post »Roni
Posted on October 3, 2011 at 11:53pmOkay, well that pretty much sucks. Once again, our Constitutional right to privacy and unreasonable search seems to have been sucked down the proverbial technological toilet. Tell me, do they still need a warrant to access our DNA/blood, or have we somehow signed over access to that too?
Report Post »Qoheleth
Posted on October 3, 2011 at 7:09pmThis
Report Post »http://www.androidcentral.com/htc-collecting-data-us-phones-htc-sense-storing-it-very-sloppy-way-security
is a far better take on the issue which, while not making light of it, points out it’s not nearly as “sky is falling” as the Android Police made it out to be.
By the way, many thanks to all those media outlets who’ve publicized this flaw. Good job…thanks…really.
408 CheyTac
Posted on October 3, 2011 at 8:17pmown one, do you?
Report Post »skitrees
Posted on October 4, 2011 at 11:53am@QOHELETH
“Android police” – really? Not biased at all…are you? A company who routinely sneaks clauses into their products which state things like “anything you access, create, or post using our product automatically becomes ours, and you forfeit all copyright in perpetuity.” Yeah, you’re right – it is those evil folks out here who actually take offence about such companies who are the problem – NOT the company who tries to claim ownership and perpetual copyrights of things they don’t own.
Report Post »mendskyz
Posted on October 3, 2011 at 3:40pmThe safest way to handle this is to not keep anything on your phone that you wouldn’t want the whole world to see. Like one poster said above, and I paraphrase, if they snoop my phone they will fall asleep at the keyboard, I’ve got nothing to hide, and nothing of any interest unless they want to know what my high score on Tetris is.
BTW, turning off GPS only makes the search area a little larger. As long as your phone is on, your position can be triangulated from the cell towers.
Report Post »OneofMany
Posted on October 3, 2011 at 3:39pmI turn data OFF (all data) unless I absolutely need it. Sure I get an annoying caution signal all the time, but at least you don’t get live location data. Obviously, they can still see my log of who I call and what I’ve been doing, but none of that is secret anyway. If you want a secure phone, you need to buy a secured phone.
Report Post »cranberry
Posted on October 3, 2011 at 3:38pmDon’t we all excpect this tho? I am surely not surprised at all. These big companies are using us and we are continually stupid enough to cast a blind eye on what we are getting for free.
Report Post »independentvoteril
Posted on October 3, 2011 at 2:37pmwell tracking me would be BORING.. since I leave my phone home most of the time IF I‘m going somewhere I won’t need it .. I have a land line for home.. I do use my phone for playing scrabble with my cousins though.. or texting my husband when he’s at work and I need him to stop at the store..
Report Post »swoods08
Posted on October 3, 2011 at 2:00pmI deal with this on a day to day basis being a cell phone tech. You really need to be careful of all the “free” crap in the market, it will not only screw with your phone but transmit your info. And for those of you downloading task killer, lookout or any virus protect app there is a good chance its just a “data miner” for google to see all the crap you are downloading.
Report Post »V-MAN MACE
Posted on October 3, 2011 at 2:19pmI assume the same thing goes for a PC…
Looks like I’m gonna be digging into my permissions list and running Rootkit Revealer…
Report Post »Justathinkin
Posted on October 3, 2011 at 3:19pmThis isn’t just about the free crap on the Droid Market though. They aren’t going to do anything about the data mining going on. They all have free and clear allowance to do such things via the Patriot Act I and II, just so long as they share that data with the gov’t. The only way to stop the theft of information would be to not own any sort of phone or computer. Other than that, we will only be free of this sort of invasion if we do away with Patriot Acts and the idiotic left that seems to think that we aren’t intelligent enough to wipe our own butts, let alone use things like a phone without their supervision.
Report Post »babylonvi
Posted on October 3, 2011 at 1:52pmAnd THAT‘s why I don’t use a Smart Phone. You CAN live without one, trust me. A regular phone is fine, just take the battery out is you don’t want to be tracked or monitored.
Report Post »bhelmet
Posted on October 3, 2011 at 1:29pmIsn’t Android powered by Google?
Report Post »smithclar3nc3
Posted on October 3, 2011 at 1:36pmIsn’t technology great(sarcasm) all this info. will come in handy when the black bag partols are started.
Report Post »They’ll know whose ready for The University of Fema re-education camps.
Ruler4You
Posted on October 3, 2011 at 1:37pmLook, if you are some techno idiot that didn’t KNOW this was coming or gong on then you are just stupid. “NETWORKS” are just that; Networks. They ‘network’. AND they are designed to be databases as well. Storing Each and EVERY keystroke. (Yes, including these). Watching what you say is P_A_R_A_M_O_U_N_T to this technology. Coding is the ultimate destiny for those who wish to “say” something, without actually ‘convicting’ yourself.
Report Post »babylonvi
Posted on October 3, 2011 at 1:48pmAnd isn’t Google affiliated with the CIA? Any more questions?
Report Post »Oregon_TEA
Posted on October 3, 2011 at 1:12pmI made a comment that i might go back to my old RAZR Phone, and it got deleted ????
Report Post »Oregon_TEA
Posted on October 3, 2011 at 1:15pmnever mind ……. :(
Report Post »Champ
Posted on October 3, 2011 at 1:06pmPaused the vid at 6:43, and plugged in the Lat & Long to google maps.
http://g.co/maps/wh399
Guy lives in Flushing, NY.
Report Post »smokey888x2
Posted on October 3, 2011 at 1:45pmHe has blue eyes, his middle name is Edward, I have his account bank numbers, his date of birth, his mother’s maiden name. Also, he likes coconut cream pie, w/ pumkin coming in second. His favorite football team is none – he just likes to watch it. He has a mold on his left shoulder. His dog’s name is Gizmo, his girlfriend is seeing someone else but she’s unsure, he is right handed but bowls left handed. He has one good white shirt and nine blue ones. He has a small fetish about superman wearing a cape and he doesn’t flush public toliets. That’s about all I got, your turn.
Report Post »AlmostaCowboy
Posted on October 3, 2011 at 1:03pmSometimes you‘re glad you’re old.
Report Post »Oregon_TEA
Posted on October 3, 2011 at 1:02pmI’ve been thinking of going back to my old RAZR. This just may be the thing that pushes me over the edge.
Report Post »WestMichiganRage
Posted on October 3, 2011 at 1:33pmThe problem with that line of thought is that anyone who has your info on their smart phone, the apps can still collect the data. 1984!
ps Glenn stop hating on Ron Paul
Report Post »Blazer123
Posted on October 3, 2011 at 12:59pmI always have gps turned off unless I’m getting directions, pretty sure it saves the battery a little and I created a new email account for use with my phone. I assumed it wouldn’t be secure and I guess I was right.
Just the fact that I carry the phone around and it could be lost or stolen (physically as opposed to electronically) is reason enough for me to not keep anything sensitive on the phone.
Report Post »independentvoteril
Posted on October 3, 2011 at 2:33pmI’m with you .. I only have my WIFI on when I am waiting for someone.. so I can play my game.. I have my GPS off always I get the directions from my computer and LOOK for the place.. and I only keep phone numbers no email addresses on my phone.. I also got a gmail account to use for the phone.. which I don’t use .. can’t even remember the password..
Report Post »TAXEVERYONE
Posted on October 3, 2011 at 12:51pmHTC and Sprint have some real problems with the EVO 3D that they are not addressing.
Report Post »KevINtampa
Posted on October 3, 2011 at 12:50pm@Liz Klimas
Is this a problem with the HTC Sense software environment and HTC phones running non-Sense ROMs such as CM7 are immune from this?
Report Post »housetops
Posted on October 3, 2011 at 12:49pmAnyone know of defensive measures we can take? Log killers, delete services… etc?
Report Post »MidWestMom
Posted on October 3, 2011 at 1:27pmHonestly I don’t know. We’ve never used internet capability on our phones. Primarily for security reasons and because it’s too expensive. 4 phones x $25 (on average) = an additional $100 on top of the basic family plan cost. Unfortunately it‘s becoming extremely difficult to find a cell phone that doesn’t REQUIRE a data plan to work. Of course it’s a blatant way of forcing people to pay more for phones and pay more for service. But I’ve always suspected part of the reason is to access & track more and more info on people.
Report Post »Dougral Supports Israel
Posted on October 3, 2011 at 1:52pmMy defense is to not use a smartphone. I have an old Virgin Mobile phone that has a cheap $20 per quarter fee. The cost for each minute is high but that is fine because I hardly use it. I also leave it off except on those rare occasions when I need to make a call.
Report Post »MidWestMom
Posted on October 3, 2011 at 2:07pmWe didn‘t have cell phones until 2 years ago so we don’t have any of the older phones. Only got cell phones because our kids reached their teen years and spent more time away from us. Youth group trips, sporting events, dating etc etc. We do keep careful tabs on our kids and we’ve taught them well but they also need the room to learn how to handle freedom so to speak. It’s a natural part of growing up. Our cell phones assure they can call us whenever they need to and vice versa. It’s more of a safety measure than anything else. Unfortunately the world is a big, bad place. Not to mention payphones have virtually disapeared.
Report Post »mendskyz
Posted on October 3, 2011 at 3:34pmMidWestMom: don’t kid yourself, your teen will learn to use every feature in their phone. Also, don’t kid yourself that “teaching them well” will stop them from doing something they aren’t supposed to. Also, it isn’t just what is on their phone, it is also what information they give to their friends about themselves such as phone numbers and/or e-mail, etc that gets put on their friends phones.
Kids did without phones for 100′s of years, nothing much has chaged in today’s times other than the pressure of giving your kids the same cool “toys” that the other kids have. Resist the old line “Everybody does it or has it”, if you want to protect your kid, take away their phones and don‘t give them a driver’s license until they leave home.
Report Post »Cymry
Posted on October 3, 2011 at 12:42pmOK, for the past several years major corporations/institutions have had their client data compromised. Facebook, Google, ad infinitum have had privacy/data use “issues” revealed recently (been doing it for years). Echelon, etc. What if all of this data was centralized, hmm? Sounds pretty much like an anti-christ rolodex. Just saying…….
Report Post »Hollywood
Posted on October 3, 2011 at 3:08pmAnti-Christ Rolodex. Love it! Not funny, as it is true.
Report Post »ErinLindsey
Posted on October 3, 2011 at 12:42pmGreat….I just bought an Evo 4g last week. Wish my old cellphone had waited another couple of weeks before it died.
Report Post »jmc610
Posted on October 3, 2011 at 12:39pmI remember awhile ago something being said about Android & also Google and to be careful about the security with them.. It was back when Google ran that contest for the kids… Doodle with Google…
Report Post »Does anyone else recall this…
tchriscoe
Posted on October 3, 2011 at 12:38pmWe should be able to opt out on any intrusion of privacy. Or at least know about the intrusion.
Report Post »MidWestMom
Posted on October 3, 2011 at 1:14pmThey may say you have an “opt out” but it won’t really opt you out. As far as being notified of intrusion, won’t happen. Implementing either would defeat the purpose of the Intruders.
Report Post »mapgirl10
Posted on October 3, 2011 at 12:28pmGreat should I smash my only means of communication to my kids now! So much for tech stuff and big brother!
Report Post »ByDawnsEarlyLight
Posted on October 3, 2011 at 12:26pmWhat steps if Any? need to be taken? HTC your products are tresspassing, gathering and logging peoples personal and private info, and you may not need to take steps to fix it? This is why I dont have a smart/spy phone aside from the fact that the media fee’s are legally thievery.
Report Post »GENEPAGLIARI
Posted on October 3, 2011 at 12:26pmThen what? sell it to owe bummer and his crew of nasties.
Report Post »