Several HTC Android devices feature a serious security flaw that allows hackers to access phone numbers, GPS, email addresses, SMS and more, according to numerous reports.
HTC’s EVO 3D and 4G, 4G and ThunderBolt are currently the only smartphones affected, though apparently the flaw goes so deep that experts are discovering new vulnerabilities with each new test. Apparently the issues initially found were just the beginning.
Currently any app on those affected devices that requests a single android.permission.INTERNET – a normal request for any app that connects to the Web – can access the following information: a list of user accounts, such as email addresses and sync status for each last known network and GPS locations; phone numbers from the call log; SMS data, with the high possibility of encoded text being decoded; and system logs.
This flaw even grants access to personal information, such as location and logs, to apps that only need one type of information, like Internet permission.
While the security research is ongoing, HTC has yet to issue a resolution. The company says it is working on investigating this claim as quickly as possible, promising to provide an update as soon as it can determine the accuracy of the allegation.