- Joined
- Dec 6, 2008
This is why I don't like it when hardware manufacturers decide to tack on bloatware that I don't want and cannot remove without rooting my phone:
A security hole found in some HTC Android phones could give apps with Internet permissions access to information like a user’s location and their text messages, Android Police reported today. The vulnerability is part of HTC’s Sense UI and affects a subset of the brand’s most popular phones, including the HTC Thunderbolt and the EVO 4G.
The affected HTC phones have an application package titled HTCLoggers.apk installed with root-level access. Apps with Internet permissions can access HTCLoggers.apk, which provides access to information like GPS data, WiFi network data, memory info, running processes, SMS data (including phone numbers and encoded text), and system logs that can include information like e-mail addresses and phone numbers.
When called upon, the logging program opens a local port that will provide this data to any app that asks for it. Apps can send the data off to a remote server for safekeeping, as shown by a proof-of-concept app that Android Police researchers developed.
[...]
http://arstechnica.com/gadgets/news...ddresses-location.ars?comments=1#comments-bar
A security hole found in some HTC Android phones could give apps with Internet permissions access to information like a user’s location and their text messages, Android Police reported today. The vulnerability is part of HTC’s Sense UI and affects a subset of the brand’s most popular phones, including the HTC Thunderbolt and the EVO 4G.
The affected HTC phones have an application package titled HTCLoggers.apk installed with root-level access. Apps with Internet permissions can access HTCLoggers.apk, which provides access to information like GPS data, WiFi network data, memory info, running processes, SMS data (including phone numbers and encoded text), and system logs that can include information like e-mail addresses and phone numbers.
When called upon, the logging program opens a local port that will provide this data to any app that asks for it. Apps can send the data off to a remote server for safekeeping, as shown by a proof-of-concept app that Android Police researchers developed.
[...]
http://arstechnica.com/gadgets/news...ddresses-location.ars?comments=1#comments-bar