HTC America received a complaint from Federal Trade Commission (FTC) due to the company’s failure to adhere to the standards of securing their software. The case filed by FTC against HTC America is the very first incident that a consumer-protection agency went after a company that designs mobile devices with security issues.
The company’s products include Windows phone, Android and Windows mobile tablet and smartphones. FTC won the settlement causing HTC America to be subjected to a long-term independent security evaluation. HTC America was also obliged to generate and roll out patches to every single device that they manufactured.
In the official blog of FTC, they allegedly accused HTC America for designing products without considering the security of the user’s information. Moreover, the company still disregarded the standard practices in the industry even though they have been notified about the security issues discovered. Furthermore, FTC accused HTC America of the following:
- Failure to evaluate their products’ security software for potential bypass issues
- Failure to conduct sufficient security training to their engineers
- Failure to organize a way for the company to receive and fix security weakness issues reported by third parties
- Failure to implement the standard secure-coding practices
HTC was also accused for giving opportunities for malicious third-party apps to bypass the security on products run by Android operating system. This enables the hackers to manipulate the device itself and the sensitive information contained in it.
HTC America also permitted the pre-installed apps on their products to gain access on some of its functions (i.e. camera and microphone) without requesting for consent from the user. This scenario becomes an issue to HTC users because they have been deprived of their privacy. If only the company’s Android-powered products take into account consent mechanisms, then they could have avoided unapproved access to sensitive data.
Aside from the pre-installed apps that can illegally access some of the device functions, HTC also pre-installed an app that permits download and installation of other apps not within the scope of Android authorized process.
The order which was issued last February 22 is still on hold for 30 days to allow the public to say their opinions about it.
Via NBC News