Mobile security experts have revealed that several models of HTC smartphones running on Android operating systems may have serious vulnerabilities that could compromise sensitive user data.
According to CNET, the HTC Evo 3D, Evo 4G and Thunderbolt smartphones contain a security glitch that allows mobile applications to gain access to personal data including text messages, GPS location, email addresses and phone numbers.
The vulnerability appears to be associated with data logging tools included in the operating system's latest update. According to Android Police, these utilities allow HTC to collect a wide range of data that may be used to inform future improvements. However, manufacturers may have opened a serious data security loophole as a result.
"It's like leaving your keys under the mat and expecting nobody who finds them to unlock the door," according to Android Police contributor Artem Russakovskii.
Since the issue arose, security experts have discovered that the danger goes deeper than originally expected. According to the news source, any application that connects to the web or integrates advertisements could potentially acquire full access to a user's system logs, IP address and a limited history of GPS data points.
"HTC takes our customers' security very seriously and we are working to investigate this claim as quickly as possible," company officials said earlier this week, according to InformationWeek. "We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken."
The manufacturer was alerted of the issue late last month, according to Russakovskii, but has been slow to take action. In the meantime, the security expert suggests that users exercise extreme caution when downloading and using mobile applications. While suspicious looking apps should always be avoided, even those that are more reputable may be able to intercept sensitive data due to this specific threat.
Data Security News from SimplySecurity.com by Trend Micro
