If you happen to own one of those fancy new HTC phones that have come out over the past few months, you might want to hold off on downloading any new apps from less-than-trustworthy developers.
The folks over at Android Police have discovered that the HTCLogger.apk included in newer HTC devices and system updates doesn’t secure any of the data that it collects. HTC Logger is intended to capture system logs, GPS location, user accounts and other data to help HTC monitor handset issues, which HTC should be using to push out fixes in a more timely fashion. The problem is that all the data captured by the app is stored on the handset and can easily be captured by any application that has permission to access the Internet (android.permission.INTERNET).
The security vulnerability caused by HTCLogger is certainly critical, but we do believe the whole situation has been blown out of proportion. By fully disclosing how to take advantage of the vulnerability, Android Police has given hackers and app developers with malicious intent everything they need to capture the information stored by HTCLogger. There’s currently no indication that any rogue apps are taking advantage of this vulnerability, but we suggest you think twice before downloading applications from developers you don’t know or trust until HTC can resolve the issue.
HTC is aware of the vulnerability and is looking into fixing the problem. But if you have root access and want to take matters into your own hands, you can uninstall the app from /system/app/HtcLoggers.apk and be done with this whole issue.
HTC takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken.HTC
Will any of you be waiting around for HTC to correct the issue? Or will you simply remove the HtcLoggers.apk and move on?