A researcher has found that software added by HTC to its Android devices exposes the following data:
- Phone numbers
- GPS data
- SMS messages
- Email messages
- Much more...
Basically Trevor Eckhart has found that HTC preinstalls a logging application that 'sniffs' a lot of information from the phone. It provides access to its own logs in a fairly loose manner. The upshot is that other applications could use the logger as a proxy and so read the above data.
Technical details, including a video showing a proof of concept attack, are available from Android Police.
UPDATE: An HTC spokesperson said that the company is "working very diligently to quickly release a security update that will resolve the issue on affected devices." Users will be able to download the fix over-the-air.