• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Root HTC Really, REALLY Screwed Up

WormDoes

WormDoes

Android Expert
I'm in SHOCK over what I've just read. I don't even know what to say to be honest. Read it and weep, literally. . .

Massive Security Vulnerability In HTC Android Devices (EVO 3D, 4G, Thunderbolt, Others) Exposes Phone Numbers, GPS, SMS, Emails Addresses, Much More

edit: I spoke with Artem from Android Police on Twitter and the app in question is called HTCLoggers.apk and It's located in system/app. This only affects Sense ROMs. So, I'd recommend everyone who's rooted and running a Sense build check their system/app with your favorite file explorer immediately.

I'm curious what HTC is going to do about all this? This is a PR nightmare. I'm a huge fan of their phones, but this has left a very sour taste in my mouth.
 
Saw this pop up on android police facebook,

Just checked my synergy system. Doesn't seem to be in my system

Pretty crazy info to let out.
 
Went to my andexplorer program, and that file is there! But when I click it and hit delete like I normally would to delete a file, it says file can not be deleted!
 
Weird..."andexplorer" wouldn't let me delete it...but I went through my bamf settings-manage system apps, and it let me delete that file...

Whew! Now that THAT is deleted...are we sure there's nothing else we need to do further?

Thanks for letting us know about this potential risk...
 
while im sure HTCs intentions were not to maliciously collect and manipulate personal info,i agree a very sour taste.

did you watch the video? trevE made an app and ran it on a completely stock phone that shows exactly what this is doing.

guys, this is EXACTLY why i root my phones from day 1 and prefer to run cynaogen mod(or some type of no-stock) firmware. i cant say enuff how much i appreciate the work of everyone in CM,and especially developers like jcase and trevE that bring these kind of things to our attention.

searching now for a twitter for trevE. he looks like another good guy to follow.

it will be interesting to see what HTC has to say about it.
 
thanks for the link. i just donated to trevE,and think he very much deserves it if anyone can spare a lil. while this isnt "fun" like flashing a new rom, his findings here are just as important to the comunity.
 
nyrmetros said:
What does this mean for the regular user?
Click to expand...

It means you have no way to remove the HTCLoggers.apk that the article is talking about.

Merged with the thread I started on this topic. Non rooted users have no way to remove the apk. That's why I posted it in the All Things Root section
 
WormDoes said:
It means you have no way to remove the HTCLoggers.apk that the article is talking about.

Merged with the thread I started on this topic. Non rooted users have no way to remove the apk. That's why I posted it in the All Things Root section
Click to expand...

But by merging & moving to the root section, then all the non-rooted people don't see that this is an issue & thus aren't alerted to further considerations to root.
 
CegAbq said:
But by merging & moving to the root section, then all the non-rooted people don't see that this is an issue & thus aren't alerted to further considerations to root.
Click to expand...

It's not like this story isn't everywhere. If it was something that wasn't all over the web I would have left it there.
 
I sent in the money, downloaded the program and have no clue what to do next. If I go to menu and select remove log it says only available to donators. Rebooted all kinds of things and nothing. Oh well, it's only a buck.
 
are you currently running a sense rom? if so you can look at all the diffefrent things that those files have access to. if youre on AOSP,then youre safe,those files dont exist,so the app doesnt really do much. but its cool to support him anyway :)
 
scotty85 said:
are you currently running a sense rom? if so you can look at all the diffefrent things that those files have access to. if youre on AOSP,then youre safe,those files dont exist,so the app doesnt really do much. but its cool to support him anyway :)
Click to expand...

Me? AOSP? ;) totally worth the dollar.
 
I honestly am not sure if I can get another HTC phone after this. The deal-breaker will be what happens with HTC's response.
 
well my thunderbolt is rooted so removing this was not an issue. now im questioning buying the vigor. i really want new dual core, but will this security vulnerability get fixed in time?
 
I was on the fence about getting the HTC Vigor or Samsung Nexus Prime as my next phone. This is making that decision easier for me.
 
im not going that far. while i hope htc will state their intentions with these files,and fix this issue in timely manner, their not doing so wont cause me to not buy another htc product. who knows what similar files other mfgrs have in their software... we are lucky to have such devoeted devs for htc devices that dig stuff like this up for us.

even if i change my mind about their ethics,i still like htc hardware. this just strengthens the concept that i wont get any phone i cant root.

you guys get the prime. that just leaves more vigors for me,muahaha :D
 
Double checking with the guys from th3ory roms, but it seems all of the sense-based-but-different ROMs have had this fixed for a while (probably because htclogger was considered bloat). I see my phone doesn't have the apk and log file listed (shifts3ns3 1.5).
 
You must log in or register to reply here.
Back
Top Bottom