It is quite impressive what the power of a single individual can amount to these days. We have been in touch with HTC from the beginning regarding this security issue, which we officially announced last Friday. We tried to tell them that something wasn’t right with the whole concept of apps mining for data and sending it to a cloud. Well, after last week’s proof of concept released by XDA Recognized Developer TrevE, HTC decided that it was time to let their engineering teams take action. The outcome? People from both HTC in Taiwan and in North America are scrambling to put out security patches to prevent these exploits from being used. According to HTC, they should be rolling out OTA updates once the patches have made it through their QA testing as well as through the carriers.
We are certainly happy that they finally decided to treat this with the degree of severity it actually has. The exploit is rather dangerous, as virtually every single bit of information in the device is at risk. As is customary, HTC has put out an official statement letting people know about what we have talked about so far.
It is only fair to remind HTC that they should not rest after this one is over and done with, for various reasons. The first is that there are other confirmed exploits that we will release soon, which they will have to pay attention to. The other is that they need to up their efforts in the QA department a bit. The key to success in this world is constant innovation, and you guys are doing a good job so far, but as stated, you need to do a bit better.
Our community is willing to work with you, as you have already seen over the last few weeks. This is not a matter of simply pointing fingers or kicking the giant when it's down. This is something that affects the vast majority of us at XDA, and as such we just want to point things out so that you take action. There will be other times for us to bash you (like blogs across the web have done), but this is not one of them. This is a very serious issue, and with everyone on the same page working together to find a solution, everyone will benefit from the outcome.
HTC Public Statement:
HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers’ data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.
HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly. During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.