HTC has admitted some of its Android handsets have a flaw which could allow malicious apps to read customer locations and account details, but a fix is on the way. The flaw was spotted last week and HTC were alerted to the flaw; now the mobe maker has admitted the problem exists and is working towards developing a fix that will …
...except the carriers (Orange, Voda etc) all have custom roms and people don't even have the latest bug fixes that are already patched as it is. Don't hold your breath hoping for a fix unless you've got an unbranded handset.
For those with root...
I have had an HTC Thunderbolt since before the first OTA update came out. It is the worst phone I have ever had. Data connection drops, the entirety of Android crashing, terrible battery life, and the OTA that updated it to Gingerbread has broken it even more, causing Voicemail notifications to cease functioning. They have been "working" on these so-called fixes with "no official release date" and only saying "Thank you for your patience." And now this issue with privacy...?? This is the last HTC phone I buy.
the question is not how long for a fix (although tht's important), it's...
Why -and when - did HTC "decide" to log user activity? Surely that's a breach of privacy? On the other hand, if this is a package that provides user feedback, with the users express permission, why was it unsecured?
And is the HTC user tracking and logging going away too or is that still going to be there?
Amazing that HTC gets away with barely a slap, if it was Apple or Microsoft it would be a media by now. Do they serve better food at media events or what?
Good to Hear
This tends to make me think even more that Antivirus SW is a con - as long as you keep your system up to date. What chance of McAffee finding and fixing more quickly?
Maybe in the days of ye olde unpatched XP......but now?
"And is the HTC user tracking and logging going away too or is that still going to be there?"
From what I've found from some quick googling then this is a similar type of logging as what is written to files in /var/log on a linux system so keeps logs of various bits of system info that may be useful for debugging. Seems to aid usage they added an interface into this to allow log data to be exported (after all, its not quite as easy to type "cat /var/log/messages" on a phone as it is on a linux box!). Problem is that various bits of info which ought to be private probably appear in these logs and they left this interface open to everyone.
My /var/log doesn't keep track of my GPS positions, however...