Over the weekend Androidpolice.com broke a pretty intense story about a massive security vulnerability found in some key Android devices. The Android devices are all made by HTC and include the HTC Evo 3d, HTC Evo 4g, and the Thunderbolt.
Now when the guys at Androidpolice write a security based story you can bet your bottom dollar that it’s been thoroughly researched, examined and re-researched. In fact Artem, and Justin Case worked just about the whole weekend on researching the original story. They also enlisted the help of Trevor Eckhart of Damage Control and Virtual ROMs. Justin Case was the one who discovered a major vulnerability in Skype, which at the time was spot on.
More after the break
The vulnerability discovered in these HTC devices allows any app with internet access permissions to access more than just the permissions it needs to ping the internet for whatever information the app itself is looking for. The information the apps have access to includes (but is not limited to) the list of user accounts on your phone, last known GPS coordinates, SMS data including encoded texts (which can be decoded), system logs and more. You really should go over to Androidpolice.com and read it for yourself.
HTC responded to thedroidguy’s request for comment with the same response they gave to most other sites:
“HTC takes our customers’ security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we’re able to determine the accuracy of the claim and what steps, if any, need to be taken.”
We will be monitoring this situation and reporting on it as it unfolds. For now though, again, head over to Androidpolice for the complete technical breakdown of what this claim is all about.