Security Alert: Major vulnerability discovered affecting almost all HTC devices with HTCLoggers.apk

According to AndroidPolice and Trevor Eckhart’s findings, almost all HTC devices are vulnerable to a newly discovered flaw that leaks not only your phone numbers but also SMS and GPS data, email addresses and much more.

Apparently this vulnerability affects smartphones such as the EVO 3D, EVO Design 4G, Thunderbolt and more. HTC recently issued a series of logging tools via firmware upgrades that are intended to collect information in a secure manner. Unfortunately, according to Trevor’s findings, almost any app on affected devices that requests the single android.permission.INTERNET permission (which is normal for any app that connects to the web or shows ads) can get its hands on:

  • the list of user accounts, including email addresses and sync status for each
  • last known network and GPS locations and a limited previous history of locations
  • phone numbers from the phone log
  • SMS data, including phone numbers and encoded text (not sure yet if it’s possible to decode it, but very likely)
  • system logs (both kernel/dmesg and app/logcat), which include everything your running apps do and are likely to include email addresses, phone numbers, and other private info
  • active notifications in the notification bar, including notification text
  • build number, bootloader version, radio version, kernel version
  • network info, including IP addresses
  • full memory info
  • CPU info
  • file system info and free space on each partition
  • running processes
  • current snapshot/stacktrace of not only every running process but every running thread
  • list of installed apps, including permissions us