• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Root ** MASSIVE ** HTC Security Vulnerability Article??

scudder

scudder

Android Expert
Wondering if you guys saw this posted today. Says that a HUGE amount of personal data can be obtained from a log file set up for collection of data by HTC from the simple permission android.permission.INTERNET:

Massive Security Vulnerability In HTC Android Devices (EVO 3D, 4G, Thunderbolt, Others) Exposes Phone Numbers, GPS, SMS, Emails Addresses, Much More

Just wondering everyone opinion and concern over this?? The article says that ONLY STOCK SENSE FIRMWARE is affected and that if you're running an AOSP-based ROM you're OK.

There is also a suggestion in the article for us rooted users to immediately remove HtcLoggers.apk (located at /system/app/HtcLoggers.apk)

So, I'm posting this for everyone's information and want to know, not only your opinion on removing the above apk, but the effect of this vulnerability??
 
thanx for the heads up on that. very interesting indeed. will have to take a closer examination of this issue. hopefully the devs already know about this and removed it from the system partitions. i think that is what mik mentioned in his changelog for mik2.55:
I recommend switching to this version just because indeed your personal info is more safe and it seems like speed improved on 3g and overall in general due to less actions running in the background.
Click to expand...
 
ocnbrze said:
thanx for the heads up on that. very interesting indeed. will have to take a closer examination of this issue. hopefully the devs already know about this and removed it from the system partitions. i think that is what mik mentioned in his changelog for mik2.55:
Click to expand...

I'm running mikg 2.55 and you are correct it doesn't have the file (HTCloggers.apk) in there.
 
I took time to read the article and found it interesting. My only real issue is that most of the information that the program collects can be collected individually from any program. If I know how to code I'm sure I can add a script to my program to give me the information I want. Another simple fact that is overlooked in America today is that NO WHERE in the Constitution does it guarantee us the RIGHT TO PRIVACY. Its unfortunate that Company's do these thing however the Question is Did HTC realize the Vulnerability? A lot of the issues here are things they have been able to do on your desktop for years. Windows has such a lax in security that any program is capable of collecting "Personal Information" and sending that information back to its servers. Apple systems are also just as lax in security as Windows. The fact that Corporations are getting and using this info should be of no surprise. All the information that HTCLogger can access is the same information any other program could access.

As bad as these type of programs can be they also can be just as useful. By collecting such information Companys can debug their programs better and make them work in more situations on more machines which increases their bottom line. They also can be helpful in tracking down Other exploits that may arise such as vulnerability's to hardware componets. Knowing how we use technology can help companies build better technology.

So While I am glad I'm running an ASOP ROM I also am responsible enough to know that I have no guarantee that my data will be "Safe" Simple truth be known these companies have probably been collecting information from the phones they have given to us for years. So the reality is we shouldn't be shocked or that upset when we find out that someone is collecting information about us. I mean Have you ever Googled your Name? You might be surprised at what you see.
 
I would advise removing androidvncserver.apk, HTCLoggers.apk, HTCIQagent.apk, and HTCfeedback.apk. However, definitely remove HTCLoggers.apk if you are unsure about the other three as that was the offending one mentioned in the article.

Removing these should produce no ill effects on your handset. You could also just flash a ROM that has these already removed, and I am sure there are plenty of those out there already.
 
Hmmm, I'm going to take a look into Mik3D. I'll dig around in the ROM and see if those are in there. Thanks heretic!
 
Running stock rom on rooted EVO 4G, deleted htcloggers.apk, phone went into a force close loop saying app had crashed.... had to pull the battery to get out of it and reboot.

Everything seems to be ok now!

Thanks for the heads up!
 
andygu3 said:
Sounds like HTC may push a patch out at some point in time
Click to expand...

That would be funny since they are the ones who did this in the first place by adding those apk files. :)

They are probably saying right now, Damn! they figured it out. They are probably just going to mask them better next time.:p
 
You must log in or register to reply here.
Back
Top Bottom