Taiwanese smartphone giant HTC has moved to address recent revelations of a security flaw in the firm’s Android smartphones, promising an update to be delivered via an over the air update.
Androidpolice first revealed that HTC’s modified Android operating system contained a number of security vulnerabilities seemingly arising out of the firm’s introduction of behind-the-scenes logging capability.
Phones such as the Evo, MyTouch and some models of Sensation are known to have the flawed OS which essentially allows any application that is granted the Android permission of ‘Internet’ to access a wide array of private information.
"I’d like to reiterate that the only reason the data is leaking left and right is because HTC set their snooping environment up this way," wrote Android Police’s Artem Russakovskii.
"It’s like leaving your keys under the mat and expecting nobody who finds them to unlock the door."
The security researchers said they had reached out to HTC but not received any recognition in a week at which point they went public. After the story broke HTC eventually responded with an official statement promising an ‘OTT’ patch for affected handsets.
After the customary downplaying of any threat, HTC said:
"HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it."
The key there is that HTC is going to have to push out the update via carrier partners. The same carrier partners that famously delay releases of Android OS updates so one probably shouldn’t expect this fix any time soon.
An interim solution is to ‘root’ the phone and remove the application Htcloggers.apk by hand. Or using an alternative firmware such as Cyanogen Mod.
HTC for their part helpfully suggest not installing applications that aren’t from ‘trusted’ partners.