HTC Settles Flawed Phones Security Issue With FTC

By Alexandra Burlacu email: a.burlacu@mobilenapps.com | Feb 23, 2013 05:45 PM EST

Share This Story

  • Print
  • Email

According to federal officials, more than 18 million HTC smartphones and other mobile devices had security flaws that raised serious privacy concerns.

The Taiwanese company is one of the biggest smartphone sellers in the U.S., but its smartphones reportedly had security flaws that could allow location tracking of users against their will or knowledge, as well as theft of personal information stored on said devices.

Follow us

The Federal Trade Commission (FTC) charged HTC with customizing the software on its Android- and Windows-based phones inappropriately. That customization allowed third-party apps install software that could steal personal information, sent text messages or even enable the device's microphone to record the user's conversations.

The move marks the FTC's first action to police a mobile device manufacturer. Smartphones and tablets are increasingly more ubiquitous as tools for consumers to shop, bank or chat online, which means that greater protection is necessary to ensure that personal information and privacy are not compromised.

To settle the civil suit with the FTC, Bellevue, Washington-based HTC America agreed to issue software patches that close the security holes and create a security program an independent party will monitor for the next two decades.

"The company didn't design its products with security in mind," Lesley Fair, a senior lawyer in the FTC's Bureau of Consumer Protection, explains in a blog post. "HTC didn't test the software on its mobile devices for potential security vulnerabilities, didn't follow commonly accepted secure coding practices and didn't even respond when warned about the flaws in its devices."

HTC is currently updating its software and distributing it to users of some, but not all, affected devices, a company official said on Friday, Feb. 22.

"Privacy and security are important, and we are committed to improving practices that help safeguard our customers' devices and data," HTC spokeswoman Sally Julien said in a statement issued to the media. "Working with our carrier partners, we have addressed the identified security vulnerabilities of the majority of devices in the U.S. released after December 2010. We're working to roll out the remaining software updates now and recommend customers download them at once."

According to the FTC, the security flaws stemmed from HTC's customization of the OS software found on most of the affected handsets. With Google's Android, for instance, the system uses a permission-based security model to protect sensitive information and phone functions.

This means that when users are attempting to install an application that is not a standard part of the operating system, they will receive a notification to agree that the app could gain access to certain information or functions.

HTC, meanwhile, preinstalled certain applications on its phones in a way that not only prevented users from removing them, but also disabled this permission-based model. Without it, newly installed apps had immediate access to personal data, without prompting the user to agree. That security flaw could, for instance, allow the software to secretly record users' phone calls or track their location without their knowledge or permission.

Flaws in the security system could also grant third-party apps access to phone numbers, text messages, browsing history and sensitive information such as credit card numbers and banking transactions. Such flaws also affected HTC phones running Windows-based operating systems.

HTC's customization schemes added many security vulnerabilities to its handsets, but a commission official said it remains unclear how many users faced illegal breaches into their phones and personal information.

The security flaw in HTC phones, however, is nothing new. The problem persists since at least 2011, when the company acknowledged the issues and developed software patches for some of the holes. Meanwhile, according to the commission, HTC's user manuals claim or imply that a user is protected against malware though the permission-based security model.

Over the next 30 days the FTC will collect public comments on the proposed solutions, after which it will decide whether to formally carry out the order. HTC faces penalties of up to $16,000 per violation if it subsequently violates the order's restrictions and requirements.

Get the Most Popular Mobile&Apps Stories in a Weekly Newsletter

© 2013 Mobile & Apps All rights reserved. Do not reproduce without permission.

Featured Video : Ericsson Announces World-Leading Launches Ahead of Mobile World Congress 2014

Join Our Conversation

Smartphones
Shazam for iOSApple to integrate Shazam into iOS 8, allowing users to ask Siri what’s playing?
Sony PlayStation 4 on the rise: Seven million units sold, future update hinted
Amazon’s upcoming 3D smartphone leaks in first images, with more spec details
Google: All Glass spots claimed in Explorer Program after April 15 one-day sale following KitKat update
Tablet / Laptop / PC
Dell Venue 7 and Venue 8Dell unveils Venue 7 and Venue 8 Android 4.3 Jelly Bean tablets
Retina iPad Mini facing delays, may not launch until early next year
Refurbished 128GB iPad with Retina Display now available on the Apple Online Store
Samsung Galaxy Note 10.1 – 2014 Edition: Pricing and availability now official
Gadgets
Amazon LogoAmazon reportedly to launch ‘Firetube’ set-top box before 2013 holidays
Samsung Galaxy Note 3 and Galaxy Gear India launch: Pricing and availability
Samsung Galaxy Gear Android smartwatch now up for pre-order in Canada
Samsung Galaxy Gear 2 reportedly in the works already, may debut at CES or MWC 2014
OS / Software
HTC LogoHTC reportedly considering Android/Windows Phone dual-booting smartphone as Microsoft pushes for deeper Windows mobile integration
iOS 7 Chrome Incognito mode leaks private searches due to bug
Sprint HTC One Android 4.3 Jelly Bean already rolling out, AT&T, T-Mobile & Verizon to follow
Microsoft Windows 8.1 now available for pre-order
Internet / Social Media
Google DowntimeGoogle blacks out for two minutes, causes 40 percent drop in world’s Internet traffic
Xbox Music web player is live and ready for Xbox Music Pass subscribers
Facebook Android app collected phone numbers even if users never logged in
Firefox 22 brings support for web video calls, 3D gaming, and Unreal Engine 3
What's App
Chrome Remote Desktop app for AndroidChrome Remote Desktop for Android now available for free from Google Play
Adobe Lightroom mobile hits the iPad, coming soon to iPhones
Apple updates Mac iWork for iCloud suite – What’s new in Pages, Numbers and Keynote?
Microsoft launches Office for iPad, makes Office Mobile free on Android and iPhones
Copyright © 2014 Mobile & Apps All rights reserved. mobilenapps