Taiwanese mobile manufacturer HTC has vowed to investigate data security issues found within its Android devices after being alerted of the potential flaws by mobile industry bloggers.
Popular Android resource Android Police contacted the company after it found that some recent HTC updates contained a data logging suite which collects ‘a sizeable amount’ of user’s personal data.
Affected devices are said to include the Evo 3D, Thunderbolt, Sensation and recently released Beats Audio-enhanced Sensation XE, although Android Police claim that many more could be afflicted by the issues.
The security flaw means that any app requesting internet access via android.permission.internet (standard procedure for any web-based app) is granted access the ‘HtcLoggers.apk.’ system file containing sensitive data collected by HTC’s logging activity.
Potentially compromised information includes lists of user accounts, (including email addresses and sync status), phone numbers from the phone log, SMS data and system logs likely to contain information on everything from running apps, email addresses, phone numbers, and other private information.
According to Artem Russakovskii, a blogger for Android Police, the log file totalled a hefty 3.5MB on his HTC Evo 3D.
HTC didn’t respond directly to Android Police but later told the BBC:
‘HTC takes our customers’ security very seriously, and we are working to investigate this claim as quickly as possible.’
‘We will provide an update as soon as we’re able to determine the accuracy of the claim and what steps, if any, need to be taken.’