Missing word in the headline?
Surely the story should start with the word "Some"? I have a HTC Desire and this service isn't installed on it. Also, those who have rooted and installed a custom ROM will most likely not have it either.
A data logger pushed out by HTC to Android handsets has opened up a vulnerability allowing any app with internet permissions to access private customer information. The vulnerability was spotted by Trevor Eckhart, who informed HTC about it and waited five days for a response. Following that he decided to go public and gave …
Except the primary reason many people buy HTC is because of HTC Sense, not in spite of it. I too have gone down the custom route in the past but truth be told, I like the extra HTC toys.
My old Hero is running CM7 but I wouldn't put it on my Sensation.
Let me know when there's a custom ROM that includes Sense 3.0 for the Sensation then I may change my mind. Until then, I'll stick with a rooted standard Sense 3.0.
No, I'm not particularly worried about the lastest news. Yes, it's a serious booboo by HTC and I'll have to wait for them to fix things before I download any more apps but as I've got everything I need right now, that's not a big problem.
Er, yes. This is a closed-source HTC service. It was almost certainly discovered through running netstat on a rooted device and looking for open server ports. In no way would it be any harder to find on any other Android OEM's devices or on iOS. It _might_ be harder on Blackberry and WP7 simply because netstat and equivalent tools aren't as readily available.
It's bad enough we have Android vs iOS vs othermobilesystem wars, let's not degenerate even further into Android OEM A vs Android OEM B conflicts too. Especially not over a misinterpretation of the OP's post - Robert (Harvey) asked whether this would have been as easy to detect on another OS, *not* on another Android device made by someone other than HTC...
HTC initially gave up the Gingerbread / 2.3 release on the Desire but a rather large outcry saw them cave and suddenly decide they could release it after chopping out some crap. It's available now if you have an unbranded phone and depending on your network it may be able even if it's branded.
As for affected or not as someone else mentioned this seems to be a Sense 3 release and the Desire is still on an earlier version (2.1 I think).
To quote http://www.telstra.com.au/mobile/phones/smartphones.html (under Software Updates tab just down the page)
HTC Desire Android 'Gingerbread' update HTC will no longer proceed with a mass-market Gingerbread update for Desire due to the memory requirements of Android 2.3
I've just educated myself on the backflip HTC made that Ausdroid reported on June 24th and rather than spare myself the indeterminable date for such an update being made widely available through Telstra, I'd have gone custom firmware anyway. I'm happier with more control of my phone regardless.
Because this being the highly-customisable and generally open Android platform, all you have to do is delete or block the offending app. If and when Apple think this is a good idea [1], you can be assured that they will put it somewhere that users cannot touch and you will be stuck with it unless you jailbreak.
[1] And patent it, and sue HTC for using it.
But what's to stop Apple doing it themselves? The HTC issue is caused by HTC themselves so I fail to see what 3rd party developers have to do with it but you fruity fans know that Apple are so cuddly wuddly and they are your friends and would never dream of being so underhanded to their loyal fans...
Oh wait........
Had you managed to tear your eyes away from the radiant glory of your iProducts for just long enough to read the article, you would have noticed that the logger was installed by the manufacturer - presumably as part of a firmware rollout. And, had the sight of a sentence not worshipping the Almighty Apple not struck you witless with shock at such a heinous blasphemy, you would also have realised that I was talking about Apple incorporating a similar logger into iOS. At no point did I ever mention a third party developer.
I will, however, gladly accept your invitation to call Apple a bunch of control freaks.
"Because this being the highly-customisable and generally open Android platform, all you have to do is delete or block the offending app. If and when Apple think this is a good idea [1], you can be assured that they will put it somewhere that users cannot touch and you will be stuck with it unless you jailbreak."
I switched a while back from an iPhone to an HTC Sensation, and I've found that the Sensation is actually much more tightly locked-down than the iPhone was. When I first switched to the Sensation, no jailbreak was available for it at all. A jailbreak is now available, but it doesn't work on the latest software update.
HTC finally released a (cumbersome) way to legitimately root the Sensation, but (surprise surprise!) only for Sensations on certain carriers. Excluding, naturally, mine.
So the cell phone flame wars about "Android is open, iOS is closed" are, at least in my experience, a load of half-baked, misinformed nonsense. In the Android ecosystems, some phones are definitely much more open than others. (I'm still waiting for someone to break my particular Sensation.)
Mind you, I'm not playing Apple fanboi here. I quite like my Sensation, and I have no plans to go back to an iPhone. In a number of quantifiable ways, the hardware is superior to the iPhone's. The operating system is a mixed bag; there are some bits of Android I find quite a lot better than iOS, and some bits that still really annoy me. This isn't actually about "Android is better!" or "iOS is better!"--it's about the mistaken assumption that because it's Android, that must mean it's open.
"Franklin, Android openness is about being able to do what you want without getting permission from the manufacturer."
What I would really like to do with my Sensation is remove the crudware apps that HTC spooned onto it--Peep, the most miserable Twitter client I've ever seen; Slacker, which I gather is an Internet radio service or something; TeleNav, their competitor to Google's GPS nav software.
I can't.
Clearly, from HTC's perspective, Android is *not* about being able to do what I want without permission. Those applications can not be removed from an HTC phone without rooting it, and as I've mentioned above, that doesn't appear possible at the present with my phone.
'so I guess you haven't heard about the apple fiasco a few months ago, about the iphone storing its location every while, for any app to see.'
It wasn't for any app to see, you don't have filesystem access with an iOS app, except to files created by your app or through certain API calls, some media files such as music. In order to breach privacy somebody would either need to hack and root your phone or a law enforcement type would need physical access to the handset.
Sorry, but this is an order of magnitude worse than Apple's location storing - which at least had a sensible purpose behind it. Remember, Google does exactly the same kind of location DB build up, but it does it all server side - which is in some ways better and in some ways much worse.
I asked my girlfriend why she called me & said nothing. She when to her phone & it was doing things all by it self, she call me to it. At that time the alarms were being renamed, Bluetooth had been remotely turned on as had act as Wi-Fi access point. When I unplugged it from the charger it stopped.
There's no end to some Android owner's insecurity is there? An article that has nothing to do with iOS and you still feel the need to make snide remarks about it. I own devices on both platforms and there's nothing between them. I only prefer iOS because it has the better selection of games and apps.
No it won't. It'll run until it's fixed. This is obviously a fsck up by HTC than some evil plan. It's an issuse related to HTC Sense 3.0, not Android.
If HTC get this sorted out promptly, it'll be pretty much forgotten in a couple of months. Of, course, if they drag their feet on this then they deserve the worst.
Well I'm sorry fsck up or not it still doesn't explain why HTC is compiling all this info into a log file (and let's not forget even when patched the log file will be accessible if the phone is rooted)
There was a huge hoopla over much more innocuous cache files of both iOS and Android some time ago, and now this?
Not sure why the media isn't raising a stink over this.
Metavisor, there was a hoopla over the cached files in iOS. Android didn't store location data in the phone (and didn't store it at all if it didn't have your permission), whereas Apple made it available to anyone with access to the device. There is no big outcry about this new one because it doesn't affect 100 million people - only those with Sense 3 - but mostly because it's not Apple. There is a lot of hoopla about a new phone being announced today, but never about android phones. There was more press about the announcement of the announcement for iphone than there was for any android phone. Android gets neither free marketing nor free security announcements.
All HTC need to do is update affected systems so that authorisation isn't just given to any app requesting internet permissions, which is what the issue seems to be. Add authentication to the logging app and lock down the permissions to the log file.
Even those who root their phones tend to run superuser control apps, which alert the user to requests for privileged access from apps that make use of it. These apps could add a feature to authorise to the HTC logged data.