Technology

Video Shows How HTC Android Phones Leak Private Info ‘Left and Right’

HTC Flaw Leaking Personal Information Just by Connecting to Internet

HTC's Evo 4G (Photo: Engadget)

HTC’s EVO 3D, EVO 4G and Thunderbolt Android phones are apparently at major risk for leaking your private information. Why? Artem Russakovskii reports for Android Police, “because HTC set their snooping environment up this way.”

According to Android Police, any app that connects to the Internet or shows an ad can access your user accounts (like email addresses), GPS locations and previous location history, phone numbers, and other private information. And that’s because any app installed on one of these HTC phones is given “permission” to access a host of the phone’s information:

Normally, applications get access to only what is allowed by the permissions they request, so when you install a simple, innocent-looking new game from the Market that only asks for the INTERNET permission (to submit scores online, for example), you don’t expect it to read your phone log or list of emails.

[...]

I’d like to reiterate that the only reason the data is leaking left and right is because HTC set their snooping environment up this way. It’s like leaving your keys under the mat and expecting nobody who finds them to unlock the door.

HTC Flaw Leaking Personal Information Just by Connecting to Internet

Artem Russakovskii writes that by using Internet permission, any app on certain HTC phones can gain access to information in these categories. (Image: Artem Russakovskii/Android Police)

The data is collected through the HtcLoggers.apk app, which is capable of transferring the aforementioned private information to third-party individuals who connect to it — no password necessary:

Yup, not just HTC, but anyone who connects to it, which happens to be any app with the INTERNET permission. Ironically, because a given app has the INTERNET permission, it can also send all the data off to a remote server, killing 2 birds with one stone permission.

To prove HTC devices were capable of collecting all the information as stated, Trevor Eckhart created an app that requests INTERNET permission and then shows the data being collected. Watch him explain here:

Eckhart contacted HTC with these flaws and after receiving no word from them, decided to go public with the information. According to The Tech Herald, HTC has said: “HTC takes our customers’ security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we’re able to determine the accuracy of the claim and what steps, if any, need to be taken.”

[H/T PC World, Gizmodo]

Comments (45)

  • macpappy
    Posted on October 4, 2011 at 12:04am

    For all the warning messages and pop up dialog boxes, I find the Windows Phone 7 the secure way to use a smart phone. It seems that all those pop ups and warnings are for permissions to allow access to your info. You can stop your info from being used with Windows Phone.

    Report Post » macpappy  
    • mamachihuahua
      Posted on October 4, 2011 at 12:34am

      As if they didn’t know about this, they have to investigate it. Come on, do we look that stupid? Anyone who looks thru their phone security has seen all the permissions HTC allows. Time for them to really care about customer security.

      Report Post »  
  • Roni
    Posted on October 3, 2011 at 11:53pm

    Okay, well that pretty much sucks. Once again, our Constitutional right to privacy and unreasonable search seems to have been sucked down the proverbial technological toilet. Tell me, do they still need a warrant to access our DNA/blood, or have we somehow signed over access to that too?

    Report Post » Roni  
  • Qoheleth
    Posted on October 3, 2011 at 7:09pm

    This
    http://www.androidcentral.com/htc-collecting-data-us-phones-htc-sense-storing-it-very-sloppy-way-security
    is a far better take on the issue which, while not making light of it, points out it’s not nearly as “sky is falling” as the Android Police made it out to be.
    By the way, many thanks to all those media outlets who’ve publicized this flaw. Good job…thanks…really.

    Report Post » Qoheleth  
    • 408 CheyTac
      Posted on October 3, 2011 at 8:17pm

      own one, do you?

      Report Post »  
    • skitrees
      Posted on October 4, 2011 at 11:53am

      @QOHELETH

      “Android police” – really? Not biased at all…are you? A company who routinely sneaks clauses into their products which state things like “anything you access, create, or post using our product automatically becomes ours, and you forfeit all copyright in perpetuity.” Yeah, you’re right – it is those evil folks out here who actually take offence about such companies who are the problem – NOT the company who tries to claim ownership and perpetual copyrights of things they don’t own.

      Report Post »  
  • mendskyz
    Posted on October 3, 2011 at 3:40pm

    The safest way to handle this is to not keep anything on your phone that you wouldn’t want the whole world to see. Like one poster said above, and I paraphrase, if they snoop my phone they will fall asleep at the keyboard, I’ve got nothing to hide, and nothing of any interest unless they want to know what my high score on Tetris is.

    BTW, turning off GPS only makes the search area a little larger. As long as your phone is on, your position can be triangulated from the cell towers.

    Report Post »  
  • OneofMany
    Posted on October 3, 2011 at 3:39pm

    I turn data OFF (all data) unless I absolutely need it. Sure I get an annoying caution signal all the time, but at least you don’t get live location data. Obviously, they can still see my log of who I call and what I’ve been doing, but none of that is secret anyway. If you want a secure phone, you need to buy a secured phone.

    Report Post » OneofMany  
  • cranberry
    Posted on October 3, 2011 at 3:38pm

    Don’t we all excpect this tho? I am surely not surprised at all. These big companies are using us and we are continually stupid enough to cast a blind eye on what we are getting for free.

    Report Post » cranberry  
  • independentvoteril
    Posted on October 3, 2011 at 2:37pm

    well tracking me would be BORING.. since I leave my phone home most of the time IF I‘m going somewhere I won’t need it .. I have a land line for home.. I do use my phone for playing scrabble with my cousins though.. or texting my husband when he’s at work and I need him to stop at the store..

    Report Post » independentvoteril  
  • swoods08
    Posted on October 3, 2011 at 2:00pm

    I deal with this on a day to day basis being a cell phone tech. You really need to be careful of all the “free” crap in the market, it will not only screw with your phone but transmit your info. And for those of you downloading task killer, lookout or any virus protect app there is a good chance its just a “data miner” for google to see all the crap you are downloading.

    Report Post »  
    • V-MAN MACE
      Posted on October 3, 2011 at 2:19pm

      I assume the same thing goes for a PC…

      Looks like I’m gonna be digging into my permissions list and running Rootkit Revealer…

      Report Post » V-MAN MACE  
    • Justathinkin
      Posted on October 3, 2011 at 3:19pm

      This isn’t just about the free crap on the Droid Market though. They aren’t going to do anything about the data mining going on. They all have free and clear allowance to do such things via the Patriot Act I and II, just so long as they share that data with the gov’t. The only way to stop the theft of information would be to not own any sort of phone or computer. Other than that, we will only be free of this sort of invasion if we do away with Patriot Acts and the idiotic left that seems to think that we aren’t intelligent enough to wipe our own butts, let alone use things like a phone without their supervision.

      Report Post »  
  • babylonvi
    Posted on October 3, 2011 at 1:52pm

    And THAT‘s why I don’t use a Smart Phone. You CAN live without one, trust me. A regular phone is fine, just take the battery out is you don’t want to be tracked or monitored.

    Report Post » babylonvi  
  • bhelmet
    Posted on October 3, 2011 at 1:29pm

    Isn’t Android powered by Google?

    Report Post » bhelmet  
    • smithclar3nc3
      Posted on October 3, 2011 at 1:36pm

      Isn’t technology great(sarcasm) all this info. will come in handy when the black bag partols are started.
      They’ll know whose ready for The University of Fema re-education camps.

      Report Post »  
    • Ruler4You
      Posted on October 3, 2011 at 1:37pm

      Look, if you are some techno idiot that didn’t KNOW this was coming or gong on then you are just stupid. “NETWORKS” are just that; Networks. They ‘network’. AND they are designed to be databases as well. Storing Each and EVERY keystroke. (Yes, including these). Watching what you say is P_A_R_A_M_O_U_N_T to this technology. Coding is the ultimate destiny for those who wish to “say” something, without actually ‘convicting’ yourself.

      Report Post » Ruler4You  
    • babylonvi
      Posted on October 3, 2011 at 1:48pm

      And isn’t Google affiliated with the CIA? Any more questions?

      Report Post » babylonvi  
  • Oregon_TEA
    Posted on October 3, 2011 at 1:12pm

    I made a comment that i might go back to my old RAZR Phone, and it got deleted ????

    Report Post » Oregon_TEA  
  • Champ
    Posted on October 3, 2011 at 1:06pm

    Paused the vid at 6:43, and plugged in the Lat & Long to google maps.

    http://g.co/maps/wh399

    Guy lives in Flushing, NY.

    Report Post »  
    • smokey888x2
      Posted on October 3, 2011 at 1:45pm

      He has blue eyes, his middle name is Edward, I have his account bank numbers, his date of birth, his mother’s maiden name. Also, he likes coconut cream pie, w/ pumkin coming in second. His favorite football team is none – he just likes to watch it. He has a mold on his left shoulder. His dog’s name is Gizmo, his girlfriend is seeing someone else but she’s unsure, he is right handed but bowls left handed. He has one good white shirt and nine blue ones. He has a small fetish about superman wearing a cape and he doesn’t flush public toliets. That’s about all I got, your turn.

      Report Post » smokey888x2  
  • AlmostaCowboy
    Posted on October 3, 2011 at 1:03pm

    Sometimes you‘re glad you’re old.

    Report Post » AlmostaCowboy  
  • Oregon_TEA
    Posted on October 3, 2011 at 1:02pm

    I’ve been thinking of going back to my old RAZR. This just may be the thing that pushes me over the edge.

    Report Post » Oregon_TEA  
    • WestMichiganRage
      Posted on October 3, 2011 at 1:33pm

      The problem with that line of thought is that anyone who has your info on their smart phone, the apps can still collect the data. 1984!

      ps Glenn stop hating on Ron Paul

      Report Post » WestMichiganRage  
  • Blazer123
    Posted on October 3, 2011 at 12:59pm

    I always have gps turned off unless I’m getting directions, pretty sure it saves the battery a little and I created a new email account for use with my phone. I assumed it wouldn’t be secure and I guess I was right.

    Just the fact that I carry the phone around and it could be lost or stolen (physically as opposed to electronically) is reason enough for me to not keep anything sensitive on the phone.

    Report Post »  
    • independentvoteril
      Posted on October 3, 2011 at 2:33pm

      I’m with you .. I only have my WIFI on when I am waiting for someone.. so I can play my game.. I have my GPS off always I get the directions from my computer and LOOK for the place.. and I only keep phone numbers no email addresses on my phone.. I also got a gmail account to use for the phone.. which I don’t use .. can’t even remember the password..

      Report Post » independentvoteril  
  • TAXEVERYONE
    Posted on October 3, 2011 at 12:51pm

    HTC and Sprint have some real problems with the EVO 3D that they are not addressing.

    Report Post » TAXEVERYONE  
  • KevINtampa
    Posted on October 3, 2011 at 12:50pm

    @Liz Klimas

    Is this a problem with the HTC Sense software environment and HTC phones running non-Sense ROMs such as CM7 are immune from this?

    Report Post »  
  • housetops
    Posted on October 3, 2011 at 12:49pm

    Anyone know of defensive measures we can take? Log killers, delete services… etc?

    Report Post »  
    • MidWestMom
      Posted on October 3, 2011 at 1:27pm

      Honestly I don’t know. We’ve never used internet capability on our phones. Primarily for security reasons and because it’s too expensive. 4 phones x $25 (on average) = an additional $100 on top of the basic family plan cost. Unfortunately it‘s becoming extremely difficult to find a cell phone that doesn’t REQUIRE a data plan to work. Of course it’s a blatant way of forcing people to pay more for phones and pay more for service. But I’ve always suspected part of the reason is to access & track more and more info on people.

      Report Post »  
    • Dougral Supports Israel
      Posted on October 3, 2011 at 1:52pm

      My defense is to not use a smartphone. I have an old Virgin Mobile phone that has a cheap $20 per quarter fee. The cost for each minute is high but that is fine because I hardly use it. I also leave it off except on those rare occasions when I need to make a call.

      Report Post »  
    • MidWestMom
      Posted on October 3, 2011 at 2:07pm

      We didn‘t have cell phones until 2 years ago so we don’t have any of the older phones. Only got cell phones because our kids reached their teen years and spent more time away from us. Youth group trips, sporting events, dating etc etc. We do keep careful tabs on our kids and we’ve taught them well but they also need the room to learn how to handle freedom so to speak. It’s a natural part of growing up. Our cell phones assure they can call us whenever they need to and vice versa. It’s more of a safety measure than anything else. Unfortunately the world is a big, bad place. Not to mention payphones have virtually disapeared.

      Report Post »  
    • mendskyz
      Posted on October 3, 2011 at 3:34pm

      MidWestMom: don’t kid yourself, your teen will learn to use every feature in their phone. Also, don’t kid yourself that “teaching them well” will stop them from doing something they aren’t supposed to. Also, it isn’t just what is on their phone, it is also what information they give to their friends about themselves such as phone numbers and/or e-mail, etc that gets put on their friends phones.

      Kids did without phones for 100′s of years, nothing much has chaged in today’s times other than the pressure of giving your kids the same cool “toys” that the other kids have. Resist the old line “Everybody does it or has it”, if you want to protect your kid, take away their phones and don‘t give them a driver’s license until they leave home.

      Report Post »  
  • Cymry
    Posted on October 3, 2011 at 12:42pm

    OK, for the past several years major corporations/institutions have had their client data compromised. Facebook, Google, ad infinitum have had privacy/data use “issues” revealed recently (been doing it for years). Echelon, etc. What if all of this data was centralized, hmm? Sounds pretty much like an anti-christ rolodex. Just saying…….

    Report Post » Cymry  
    • Hollywood
      Posted on October 3, 2011 at 3:08pm

      Anti-Christ Rolodex. Love it! Not funny, as it is true.

      Report Post » Hollywood  
  • ErinLindsey
    Posted on October 3, 2011 at 12:42pm

    Great….I just bought an Evo 4g last week. Wish my old cellphone had waited another couple of weeks before it died.

    Report Post » ErinLindsey  
  • jmc610
    Posted on October 3, 2011 at 12:39pm

    I remember awhile ago something being said about Android & also Google and to be careful about the security with them.. It was back when Google ran that contest for the kids… Doodle with Google…
    Does anyone else recall this…

    Report Post » jmc610  
  • tchriscoe
    Posted on October 3, 2011 at 12:38pm

    We should be able to opt out on any intrusion of privacy. Or at least know about the intrusion.

    Report Post »  
    • MidWestMom
      Posted on October 3, 2011 at 1:14pm

      They may say you have an “opt out” but it won’t really opt you out. As far as being notified of intrusion, won’t happen. Implementing either would defeat the purpose of the Intruders.

      Report Post »  
  • mapgirl10
    Posted on October 3, 2011 at 12:28pm

    Great should I smash my only means of communication to my kids now! So much for tech stuff and big brother!

    Report Post »  
  • ByDawnsEarlyLight
    Posted on October 3, 2011 at 12:26pm

    What steps if Any? need to be taken? HTC your products are tresspassing, gathering and logging peoples personal and private info, and you may not need to take steps to fix it? This is why I dont have a smart/spy phone aside from the fact that the media fee’s are legally thievery.

    Report Post » ByDawnsEarlyLight  
  • GENEPAGLIARI
    Posted on October 3, 2011 at 12:26pm

    Then what? sell it to owe bummer and his crew of nasties.

    Report Post »  

Sign In To Post Comments! Sign In