
Root HTC Really, REALLY Screwed Up

Discussion in 'Android Devices' started by WormDoes, Oct 2, 2011.

  1. WormDoes

    I'm in SHOCK over what I've just read. I don't even know what to say to be honest. Read it and weep, literally. . .

    Massive Security Vulnerability In HTC Android Devices (EVO 3D, 4G, Thunderbolt, Others) Exposes Phone Numbers, GPS, SMS, Emails Addresses, Much More

    edit: I spoke with Artem from Android Police on Twitter and the app in question is called HTCLoggers.apk and it's located in system/app. This only affects Sense ROMs. So, I'd recommend everyone who's rooted and running a Sense build check their system/app with their favorite file explorer immediately.

    I'm curious what HTC is going to do about all this? This is a PR nightmare. I'm a huge fan of their phones, but this has left a very sour taste in my mouth.
     

  2. Scrillex

    Saw this pop up on android police facebook,

    Just checked my synergy system. Doesn't seem to be in my system

    Pretty crazy info to let out.
     
  3. meandmydroid

    Went to my andexplorer program, and that file is there! But when I click it and hit delete like I normally would to delete a file, it says file can not be deleted!
     
  4. meandmydroid

    Weird..."andexplorer" wouldn't let me delete it...but I went through my bamf settings-manage system apps, and it let me delete that file...

    Whew! Now that THAT is deleted...are we sure there's nothing else we need to do further?

    Thanks for letting us know about this potential risk...
     
  5. scotty85

    while i'm sure HTC's intentions were not to maliciously collect and manipulate personal info, i agree, a very sour taste.

    did you watch the video? trevE made an app and ran it on a completely stock phone that shows exactly what this is doing.

    guys, this is EXACTLY why i root my phones from day 1 and prefer to run CyanogenMod (or some type of non-stock) firmware. i can't say enough how much i appreciate the work of everyone in CM, and especially developers like jcase and trevE that bring these kinds of things to our attention.

    searching now for a twitter for trevE. he looks like another good guy to follow.

    it will be interesting to see what HTC has to say about it.
     
  6. bjanow

  7. scotty85

    thanks for the link. i just donated to trevE, and think he very much deserves it if anyone can spare a lil. while this isn't "fun" like flashing a new rom, his findings here are just as important to the community.
     
  8. nyrmetros

    What does this mean for the regular user?
     
  9. WormDoes

    IIRC, TrevE is part of Team Synergy, who also found the vulnerability. I'd have to assume he removed the app having known about this since 9.24
     
  10. shaddyyy

    wow unbelievable, thanks a lot worm. uninstalled with titanium backup pro
     
  11. Ibrick

    Read that article this morning, and yeah, wow.. not happy.
     
  12. WormDoes

    It means you have no way to remove the HTCLoggers.apk that the article is talking about.

    Merged with the thread I started on this topic. Non-rooted users have no way to remove the apk. That's why I posted it in the All Things Root section.
     
  13. CegAbq

    But by merging & moving to the root section, then all the non-rooted people don't see that this is an issue & thus aren't alerted to further considerations to root.
     
  14. WormDoes

    It's not like this story isn't everywhere. If it was something that wasn't all over the web I would have left it there.
     
  15. scotty85

    if i was on the fence about rooting or not, this would push me over the edge, for sure.
     
  16. bjanow

    I sent in the money, downloaded the program and have no clue what to do next. If I go to menu and select remove log it says only available to donators. Rebooted all kinds of things and nothing. Oh well, it's only a buck.
     
  17. scotty85

    are you currently running a sense rom? if so you can look at all the different things that those files have access to. if you're on AOSP, then you're safe, those files don't exist, so the app doesn't really do much. but it's cool to support him anyway :)
     
  18. bjanow

    Me? AOSP? ;) totally worth the dollar.
     
  19. Thats

    I honestly am not sure if I can get another HTC phone after this. The deal-breaker will be what happens with HTC's response.
     
  20. paigow

    well my thunderbolt is rooted so removing this was not an issue. now i'm questioning buying the vigor. i really want new dual core, but will this security vulnerability get fixed in time?
     
  21. rexdog1888

    I was on the fence about getting the HTC Vigor or Samsung Nexus Prime as my next phone. This is making that decision easier for me.
     
  22. scotty85

    i'm not going that far. while i hope htc will state their intentions with these files, and fix this issue in a timely manner, their not doing so won't cause me to not buy another htc product. who knows what similar files other mfgrs have in their software... we are lucky to have such devoted devs for htc devices that dig stuff like this up for us.

    even if i change my mind about their ethics, i still like htc hardware. this just strengthens the concept that i won't get any phone i can't root.

    you guys get the prime. that just leaves more vigors for me,muahaha :D
     
  23. bjanow

    Reason I would get a prime is for immediate root. OK, and it's cool.
     
  24. superstretch

    Double checking with the guys from th3ory roms, but it seems all of the sense-based-but-different ROMs have had this fixed for a while (probably because htclogger was considered bloat). I see my phone doesn't have the apk and log file listed (shifts3ns3 1.5).
     
