HTC Android phones may have “massive security vulnerability”
#1
HTC Android phones may have “massive security vulnerability”
If you’ve got one of HTC’s popular Android phones, such as the Evo 4G, Evo 3D or Thunderbolt, your phone may be giving apps you’ve installed a huge amount of personal data — information that you didn’t authorize those apps to have access to.
The reported vulnerability, according to Artem Russakovskii of AndroidPolice.com, comes about due to a flawed logging application contained within the most recent version of the HTC Sense user interface, a custom skin that HTC includes with its Android phones. When you grant apps access to the phone’s internet capabilities (permission that would ordinarily only allow the app to access the web for uploading and downloading data), HTC’s logging application also grants access to a whole host of other data. That data, Russakovskii says, includes:
- active notifications in the notification bar
- build number, bootloader version, radio version, kernel version
- network info, including IP addresses
- full memory info
- CPU info
- file system info and free space on each partition
- running processes
- current snapshot/stacktrace of every running process and thread
- list of installed apps, including permissions used, user ids, versions, and more
- system properties/variables
- currently active broadcast listeners and history of past broadcasts received
- currently active content providers
- battery info and status
Read more: http://venturebeat.com/2011/10/02/htc-android-security/
Thread
Thread Starter
Forum
Replies
Last Post
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)