• Welcome to Overclockers Forums! Join us to reply in threads, receive reduced ads, and to customize your site experience!

Security hole in HTC phones gives up e-mail addresses, location

Overclockers is supported by our readers. When you click a link to make a purchase, we may earn a commission. Learn More.

olegsomphane

Member
Joined
Dec 6, 2008
This is why I don't like it when hardware manufacturers decide to tack on bloatware that I don't want and cannot remove without rooting my phone:

A security hole found in some HTC Android phones could give apps with Internet permissions access to information like a user’s location and their text messages, Android Police reported today. The vulnerability is part of HTC’s Sense UI and affects a subset of the brand’s most popular phones, including the HTC Thunderbolt and the EVO 4G.

The affected HTC phones have an application package titled HTCLoggers.apk installed with root-level access. Apps with Internet permissions can access HTCLoggers.apk, which provides access to information like GPS data, WiFi network data, memory info, running processes, SMS data (including phone numbers and encoded text), and system logs that can include information like e-mail addresses and phone numbers.

When called upon, the logging program opens a local port that will provide this data to any app that asks for it. Apps can send the data off to a remote server for safekeeping, as shown by a proof-of-concept app that Android Police researchers developed.

[...]

http://arstechnica.com/gadgets/news...ddresses-location.ars?comments=1#comments-bar
 
What if youre running an AOSP ROM? Im running CM7 on my Evo 4G, would the offending apk still be in there?

All you have to do use something like Rom Explorer and you'll see in the sys>apps folder the apk, highlight and delete it. I don't know specifics for your ROM so I honestly couldn't say for sure.
 
I don't believe that sense UI is in the cyanogenmod rom, since it is proprietary to HTC. That is, unless you manually install it yourself.
 
Back