huge security vulnerability, still going to buy?

[redraider1]

Massive Security Vulnerability In HTC Android Devices (EVO 3D, 4G, Thunderbolt, Others) Exposes Phone Numbers, GPS, SMS, Emails Addresses, Much More

Makes me think twice about sense phones. Anyone else wonder if this will be fixed by the time the vigor comes out?

 

[trophynuts]

doesn't bother me. my info is probably already out in the wild anyways.

 

[redraider1]

doesn't bother me. my info is probably already out in the wild anyways.

Yeah but not everything that this leaks like your messages and what not. I just am surprised it has only come up now and will be interesting to see what htc does and how long it takes them to fix this.

 

[ASC]

Root and remove /system/app/HtcLoggers.apk Problem solved?

 

[redraider1]

Root and remove /system/app/HtcLoggers.apk Problem solved?

That is the thing though you shouldn't have to root the phone to prevent this security risk. I mean yes you can root but not everyone wants to root their phone.

 

[ASC]

Agreed. But until HTC Get's their heads out of their butt's, there is a "fix" for users who do want to go that route.

 

[Telexen]

This really isn't a gigantic deal everyone's making it out to be. If you're the kind of person who doesn't pay attention to permissions of that apps you're installing you've already opened yourself up to the risk. If you are - you're probably the kind of person who roots your phone anyway and can fix it.

 

[jikhead]

I'm not doing anything that I should be worried about getting stolen (data) or whatnot.

I'm pretty sure nearly ALL phones are doing something similar. It's big business and $$ when it comes to collecting information on users...look at the iPhone thing that was found to track people's movement. Every business wants to know how to better market their products to you better in order to sell you something.

 

[BabyBlues]

I'm not doing anything that I should be worried about getting stolen (data) or whatnot.

I'm pretty sure nearly ALL phones are doing something similar. It's big business and $$ when it comes to collecting information on users...look at the iPhone thing that was found to track people's movement. Every business wants to know how to better market their products to you better in order to sell you something.

Exactly. There was something similar found in one of the other phone brands recently as well (not apple). You get the warnings that apps are asking for permissions and while most of the time it's harmless, there is always that chance that it's not.

 

[Puppa]

This security flaw doesn't even exist for non-root users. Just tried it on my thunderbolt...app CANNOT connect to the logger (permission denied).

For root users, you're running at your own risk. Running all phone software with open root permission exposes you to all kinds of crap. If you're worried about this one, simply remove the app. If that's too tough for you, don't root.

The site that posted this "news" is completely irresponsible, pajama-boy garbage. Listing the "Vigor" (even with a weasel-like question mark, which nobody pays attention to), when "confirmed" models don't even have the vulnerability.

 

[rrhartjr]

This security flaw doesn't even exist for non-root users. Just tried it on my thunderbolt...app CANNOT connect to the logger (permission denied).

For root users, you're running at your own risk. Running all phone software with open root permission exposes you to all kinds of crap. If you're worried about this one, simply remove the app. If that's too tough for you, don't root.

The site that posted this "news" is completely irresponsible, pajama-boy garbage. Listing the "Vigor" (even with a weasel-like question mark, which nobody pays attention to), when "confirmed" models don't even have the vulnerability.

Reading through the comments on androidpolice show at least half of the users trying the proof of concept fail to replicate the problem. Very few who actually try it are confirming the issue.

 

[NightAngel79]

Yea, i aint buying this as a credible threat....

 

[hovercraftdriver]

Identified and fix incoming...

HTC confirms security hole, says patch is incoming -- Engadget

 

[jamor]

Damn this is bad news

 

[blackepoxy]

Is hTC Droid incredible 2 on the list?
I just looked where it said the logger file was stored with es on my non rooted dinc2 running 2.3.4, I couldn't find it.
I guess it said all Android phones running hTC sense...

 

[blkbeltkid17]

I know i am still gonna buy HTC phones no matter what i have seen the hell my parrents have gone trough with samsung and moto phones
and i am running a inc2 rooted couldnt find the .apk in my rooted rom and stock backup

 

[jbh00jh]

Massive Security Vulnerability In HTC Android Devices (EVO 3D, 4G, Thunderbolt, Others) Exposes Phone Numbers, GPS, SMS, Emails Addresses, Much More

Makes me think twice about sense phones. Anyone else wonder if this will be fixed by the time the vigor comes out?

It took me about two minutes to uninstall those polling apks in my TBolt, what's the big deal.

 

[hovercraftdriver25]

It took me about two minutes to uninstall those polling apks in my TBolt, what's the big deal.

Some folks aren't that tech savvy...regardless, why should the consumer have to worry about it in the first place?

BTW, where's that Vigor announcement that was supposed to happen yesterday that you posted about on XDA?

 

[BabyBlues]

I saw stuff that there is an announcement today. Not sure when but I'm keeping my fingers crossed

 

[hovercraftdriver25]

I saw stuff that there is an announcement today. Not sure when but I'm keeping my fingers crossed

US or UK? UK is having an event, supposedly Beats related and probably formal announcement of Sensation XE/XL or whatever it is called.

 

[BabyBlues]

Damn, looks like the UK. Sad face for me.

 

[jbh00jh]

Some folks aren't that tech savvy...regardless, why should the consumer have to worry about it in the first place?

BTW, where's that Vigor announcement that was supposed to happen yesterday that you posted about on XDA?

All you have to do is go into settings/applications with System App Remover and uninstall the two apks. If they are tech savvy enough to root a phone they can do that.

 

[blkbeltkid17]

I wanna see the announcement for this now