HTC has settled a case with the U.S. Federal Trade Commission for failing to address programming flaws that allowed third-party apps to bypass Android security. HTC devices came with HTC Logger and Carrier IQ -- software that tracks device logs or user location. HTC's failure to implement adequate security made the phones vulnerable to hijacking and stolen personal data. The settlement requires HTC to release software patches for the vulnerabilities found in "millions" of HTC devices. While Carrier IQ was found in other Android phones and wireless carriers who were using the data, the FTC went after HTC because it "failed to employ reasonable and appropriate security practices in the design and customization of the software on its mobile devices."
What Else You Need To Know
- As part of the settlement, the Taiwanese device-maker will be required to undergo an independent security assessment every other year for the next 20 years.
- The Carrier IQ issue popped up in late 2011 when it was discovered that the software was monitoring how hundreds of millions of consumers use their mobile devices but failed to notify users or allowed them to opt out.
- The data logging software Carrier IQ was found in many Android phones like HTC's and was used by carriers including AT&T, Sprint and T-Mobile to test their network capacities.
Other sources
With this settlement, HTC will have to immediately stop making false promises about how it respects its customers’ privacy.- Jolie O'Dell, Venture Beat
- The Next Web
- HTC settles with FTC on charges it failed to secure logging data, exploitable flaws on millions of devices
- Other
- HTC settles with FTC over leaving Carrier IQ and other logging tools open to hackers
- Venture Beat
- HTC settles federal case over its smartphones and tablets logging your data
- Phone Scoop
- HTC Settles with FTC Over Security