HTC has confirmed the existence of a sizable security flaw in some of its phones, originally found on Sunday by Android Police. While the company says the hole shouldn’t present a problem if users steer clear of shady apps, the company is working on a patch to close the vulnerability, and will push it out to affected owners.
The security hole comes from an application package titled HTCLoggers.apk, which is part of HTC’s Sense UI. That app tracks information, including GPS location, e-mail addresses, and phone numbers, on high-profile phones including the HTC Thunderbolt and EVO 4G. Android Police discovered that any application that had Internet permissions (that is, any application that needs to connect to the Internet for any reason) could access this log, and even forward the data it contains to their own remote servers.
The team that discovered the flaw contacted HTC September 24, but the company didn’t acknowledge the problem until October 3. After investigating, HTC has de