Discussion in 'Android Lounge' started by IOWA, Oct 1, 2011.
Remember the CIQ Apps Found In HTC Devices? Well, There Is More And It Isn
Good reason to root
AND Custom Rom
Massive Security Vulnerability In HTC Android Devices (EVO 3D, 4G, Thunderbolt, Others) Exposes Phone Numbers, GPS, SMS, Emails Addresses, Much More
Well... From the article comments, it sounds like if you're rooted, and remove file "/system/app/HtcLoggers.apk", problem solved?
Sucks that "MOST" HTC users won't root and will still be vulnerable.
HTC needs to fix this in a hurry...
Best bet is to install a rom with that stuff cleared out, like scrosler's CleanROM along with freeza's kernel that breaks the links for that stuff as well.
Now I know why all those spammy links are appearing on my Twitter account
If people made Onstar back down from tracking, why not a massive complaint to HTC? Why put up with it on the phone? What is it about phones and some users?
Some will buy the Amazon Fire tablet and use the Silk browser which also tracks ever damn thing you do and post. Why? (Whole article comparing Silk to Phorm.)
Do you suppose a warning like computer browsers and security might make them notice? Or that they'd disregard and download the latest game?
I agree about rooting.
The things I've seen say thunderbolt sensation and possibly more. Anyone seen a list of the "more"?
I'm wondering about evo 4g and inspire. I've got a few people to tell about this if so, if not I don't want to bother them with the article. I have cm7 on my inspire so I can't look.
edit: found a couple things that say yes the e4g does have it.
If the Evo 4G or Inspire have gotten an update in the last 3 months, I'd do a check for HTCLoggers.apk in the /system/app directory. But just removing that one APK does not make it so the logging is disabled.
You can check for this easily by dialing *#*#482564#*#* if you have it, a control screen will pop up. Thankfully didn't see it on my DInc2 with 2.3.3. If somebody with 2.3.4 could confirm on if they have it or not, it would certainly give me a reason to root to block it. I was leaning towards not rooting, but this would certainly be a good reason too.
Can't see it on my Sensation on 3 updated to 2.3.4
I saw it on the mytouch 4g slide, but it said none of the loggers has been started.
And you believe it?
If you want to make sure, you can go into /data/data/com.htc.loggers and open those subfolders. Some will contain files that you can view as text. There will be a bit of encrypted characters as well as some oriental characters (that I can only assume is Taiwanese), but lower in the files, they'll actually say if they've been logging or not.
If they are, I'd recommend you deny read and write privileges to the folder and files.
I think I will just delete it using root explorer
Not to happy about this news.
Or if you like AOSP/Stock android, I love love LOVE Cyanogen mod.
I have it on mine but it is not started.
This is only a problem if you actually activated logging.
Go to Settings. Then About Phone. Then Tell HTC. Check or uncheck Report Errors to HTC and Report Usage to HTC.
If these settings don't exist in your HTC phone, then the logger doesn't exist there. If they do, uncheck them.
HTC confirms security flaws, promises fix
At least they're owning up to it. Although that crap shouldn't even be there in the first place. As someone who's watch tech evolve so rapidly over the past two decades I must say I definitely do not like the direction it's going...
I wonder how many more HTC users started researching how to root due to all of this?