HTC's EVO 3D, EVO 4G and Thunderbolt Android phones are apparently at major risk for leaking your private information. Why? Artem Russakovskii reports for Android Police, "because HTC set their snooping environment up this way."
According to Android Police, any app that connects to the Internet or shows an ad can access your user accounts (like email addresses), GPS locations and previous location history, phone numbers, and other private information. And that's because any app installed on one of these HTC phones is given "permission" to access a host of the phone's information:
Normally, applications get access to only what is allowed by the permissions they request, so when you install a simple, innocent-looking new game from the Market that only asks for the INTERNET permission (to submit scores online, for example), you don't expect it to read your phone log or list of emails.
I'd like to reiterate that the only reason the data is leaking left and right is because HTC set their snooping environment up this way. It's like leaving your keys under the mat and expecting nobody who finds them to unlock the door.
The data is collected through the HtcLoggers.apk app, which is capable of transferring the aforementioned private information to third-party individuals who connect to it -- no password necessary:
Yup, not just HTC, but anyone who connects to it, which happens to be any app with the INTERNET permission. Ironically, because a given app has the INTERNET permission, it can also send all the data off to a remote server, killing 2 birds with one stone permission.
To prove HTC devices were capable of collecting all the information as stated, Trevor Eckhart created an app that requests INTERNET permission and then shows the data being collected. Watch him explain here:
[youtube http://www.youtube.com/v/YoTUkQ7SlNU?version=3&hl=en_US expand=1]
Eckhart contacted HTC with these flaws and after receiving no word from them, decided to go public with the information. According to The Tech Herald, HTC has said: "HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken."