×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

HTC Android Backdoor Leaks Private User Data

samzenpus posted more than 2 years ago | from the like-a-sieve dept.

Android 82

Trailrunner7 writes "There is a serious security issue with a variety of HTC Android phones that enables any app with Internet permissions to access a huge amount of private data on the device, including call logs, email addresses, SMS messages, last known GPS location and more. The problem was introduced via an update to the HTC phones that installed a tool called HTCLogger that collects the data."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

82 comments

Deja View (5, Informative)

AB3A (192265) | more than 2 years ago | (#37590216)

Didn't we discuss this Yesterday? [slashdot.org]

Re:Deja View (2)

AmberBlackCat (829689) | more than 2 years ago | (#37590368)

Maybe it's just because I have an EVO 3D, but I really think this one needs to be discussed more often. Preferably on national TV.

Re:Deja View (0)

Anonymous Coward | more than 2 years ago | (#37590482)

Don't forget, Apple announces the new iPhone tomorrow. They need to get as much Android bashing out there as possible in order to convince people to use their more expensive, inferior product.

Expect some more mindless Android bashing for the next few days while Apple promotes their latest shiny piece of plastic with rounded corners. After all, they really need to hit a home run tomorrow, since they're being eaten alive by Android in the tablet and phone markets and were never a contender in the PC market.

I wonder how much a Slashdot article costs these days? Whatever the price, I'm sure Apple can afford it.

Re:Deja View (0)

Anonymous Coward | more than 2 years ago | (#37590644)

I wonder how much a Slashdot article costs these days? Whatever the price, I'm sure Apple can afford it.

I've always wondered why tinfoil nutters like you always come up with some convoluted conspiracy theory rather than accepting the truth which is usually quite simple. Oh well..

Re:Deja View (0)

Anonymous Coward | more than 2 years ago | (#37590754)

apple does not need to bash android, it's half ass setup by phone companies that bastardize it does it just fine.

Honestly, PURE android is a good thing, but the crap the phone companies do to it is what causes problems. Why cant google tell HTC that they cant use android anymore if they do not install a PURE android?

Just come to terms that HTC and Motorola suck and you will understand.

Oh wait, you're a fanboi who know nothing at all nor has ever touched a iPhone because all his friends are too poor to own one.. Ahhhhh... words wasted on you.

Re:Deja View (1)

PIBM (588930) | more than 2 years ago | (#37591052)

I believe he was referring to the fact that the article was a dupe already, and that this one place the blame using android backdoor as the title, rather than the better worded previous article. Anyway...

Re:Deja View (1)

Missing.Matter (1845576) | more than 2 years ago | (#37591206)

Honestly, PURE android is a good thing, but the crap the phone companies do to it is what causes problems. Why cant google tell HTC that they cant use android anymore if they do not install a PURE android?

Because one of the reasons manufacturers like android is the ability to customize it. They don't want you to want Android; they want you to want an HTC android, so that the next time your contract is up, you get an HTC android again instead of Samsung or Motorola or anything else. If they were required to run stock android, their ability to differentiate their product would be lowered.

Now, I'm not saying the consumer appreciates things like HTC sense or Motoblur. The tech crowd certainly doesn't. But I do know this is the manufacturer mentality, because I remember reading concerns they had with WP7 and Microsoft's refusal to let them skin it. Honestly that's one thing they got very right about the platform.

Re:Deja View (0)

Anonymous Coward | more than 2 years ago | (#37592092)

You are correct and those "enhancements" especially Blur are what will drive my next phone purchase to something else. If I had to buy one today it would be a Nexus. Coming from an original Droid (Google Experience Device) to a Droid 3 was awful with all the bugs introduced by Blur apps - buggy dialer that won't show pictures when using Google Voice, buggy camera app, etc. Sense is a little better, but I still will go with clean Android next time. The vendor "differentiation" is working to make them all suck.

Re:Deja View (1)

tlhIngan (30335) | more than 2 years ago | (#37592256)

Because one of the reasons manufacturers like android is the ability to customize it. They don't want you to want Android; they want you to want an HTC android, so that the next time your contract is up, you get an HTC android again instead of Samsung or Motorola or anything else. If they were required to run stock android, their ability to differentiate their product would be lowered.

Now, I'm not saying the consumer appreciates things like HTC sense or Motoblur. The tech crowd certainly doesn't. But I do know this is the manufacturer mentality, because I remember reading concerns they had with WP7 and Microsoft's refusal to let them skin it. Honestly that's one thing they got very right about the platform.

Well, Apple's helping to get rid of Samsung's TouchWiz crap by filing all those lawsuits (it's not just "rounded corners" but the entire package, and since TouchWiz is default set up to look pretty much like an iOS device...).

Maybe we can ask Apple ot sue HTC and Motorola to get rid of Sense and Motoblur as well. At least turn the Apple lawsuits to do some good...

Re:Deja View (1)

Animats (122034) | more than 2 years ago | (#37590642)

Didn't we discuss this Yesterday?

This points up a classic, unrecognized problem with forum systems - few of them support merging threads.

Old News (0)

Anonymous Coward | more than 2 years ago | (#37590244)

This was discussed months ago when it was discovered on XDA-Developers and HTC responded. There are details on XDA on how to remove the library and close the security hole.

Re:Old News (1)

dyingtolive (1393037) | more than 2 years ago | (#37590556)

And we appreciate your linking us to the page in question. It was most helpful.

Re:Old News (0)

Anonymous Coward | more than 2 years ago | (#37590720)

su
rm -rf /data/data/com.htc.loggers
pm disable com.htc.loggers # freeze the stock app, HTCLoggers.apk

(ymmv. I don't own an HTC phone, and I made up these instructions.)

Oh gods! I'm stuck in a time loop again! (1)

Kenja (541830) | more than 2 years ago | (#37590246)

Will this day ever end? Or am I doomed to repeat it forever?

or it could just be a repost I guess....

Do Slashdot editors... (2)

Issarlk (1429361) | more than 2 years ago | (#37590252)

...read Slashdot ?

Re:Do Slashdot editors... (0)

Anonymous Coward | more than 2 years ago | (#37590294)

No, they are far too busy editing it.

Re:Do Slashdot editors... (0)

Anonymous Coward | more than 2 years ago | (#37590384)

They edit?!

Re:Do Slashdot editors... (-1)

Anonymous Coward | more than 2 years ago | (#37591308)

Do Slashdot editors read Slashdot ?

No, They only review the comments and mod down those with a conservative perspective!

Contract Problems? (2)

MarkvW (1037596) | more than 2 years ago | (#37590268)

Phone companies have you sign adhesion contracts when you sign up for their services. In other words, "take it or leave it" contracts. These contracts are incredibly one-sided.

If the full extent of the agreement is laid out in the contract and the contract is not "unconscionable," the contract will be enforced.

I suspect that terms of a contract that allow a telephone provider to negligently harm a phone user in ways no phone user could reasonably anticipate would be considered an unconscionable contract.

That could open the door for money damages.

The phone companies work hard to get legislation to slam shut your right of access to the courts.

Need more details (0)

Anonymous Coward | more than 2 years ago | (#37590300)

The problem was introduced via an update to the HTC phones . . .

An update? What crazy world do you live in where phones get updates? I don't even have Froyo for fuck's sake!
Snark aside, we need more information. Carriers, phones, what version of Android you're running, and so on.

Re:Need more details (1)

Jeng (926980) | more than 2 years ago | (#37590664)

My phone got updated to 2.3.4 via an automatic update from T-Mobile. Running an HTC G2.

iPhones do not appear impacted (1)

bhlowe (1803290) | more than 2 years ago | (#37590388)

This security breach does not appear to affect the iPhone 5 to be released tomorrow.

Re:iPhones do not appear impacted (0)

Anonymous Coward | more than 2 years ago | (#37590732)

No shit?

Re:iPhones do not appear impacted (0)

Anonymous Coward | more than 2 years ago | (#37590752)

Are you are troll or just stupid?

Re:iPhones do not appear impacted (1)

Bucky24 (1943328) | more than 2 years ago | (#37591482)

Probably because iPhones don't have the HTCLogger tool. Nor will they likely have said tool in the future.

Re:iPhones do not appear impacted (0)

Anonymous Coward | more than 2 years ago | (#37592708)

Well, that's because they didn't need a tool to do anything. Leaking GPS data (among other things) was an integral part of the OS.

Re:iPhones do not appear impacted (0)

Anonymous Coward | more than 2 years ago | (#37592826)

WHOOOOSHH!!!!

Problem for who? (0)

Anonymous Coward | more than 2 years ago | (#37590416)

A problem with a device that allows the owner of the device to view and delete or to dispose of private, personal data at will .. by the owner of the device is not a problem for the owner of the device, is it?

Re:Problem for who? (1)

ae1294 (1547521) | more than 2 years ago | (#37590452)

are you a poorly crafted chatbot?

Re:Problem for who? (3, Funny)

dyingtolive (1393037) | more than 2 years ago | (#37590544)

He must work for the Official Organizational Body That Specializes in Unmaking Things Simple and Consice by Unwieldily Phrasing Things Not in a Way Most People Would Easily Parse. It's also known by it's acronym, OOBTSUTSCTNWMPWEP, not to be confused with OOBTSUTSCUPTNWMPWEP, which, as well all know is the acronym for Obfuscated Acronym Bureau.

Jimmy Two-Times (0)

Anonymous Coward | more than 2 years ago | (#37590428)

I'm gonna go get the papers, get the papers.

This looks really serious... (1)

MrCrassic (994046) | more than 2 years ago | (#37590476)

I'm usually skeptical to "GAPING HOLE" stories like this, but the Android Police article referenced in the article provided (link here [androidpolice.com]) clearly demonstrates that this is a serious problem.
Google or, I think, HTC can just remove the app OTA until they clean this up. I can see why they need SOME of that data (build information, phone information, stack trace, etc), but what are they going to do with SMS messages and call history??

Re:This looks really serious... (0)

Anonymous Coward | more than 2 years ago | (#37590570)

They are going to incorporate it into Google+ of course! Why wouldn;t they harvest everything they can and post or sell it. It is working well for the social competition.

Re:This looks really serious... (0)

Anonymous Coward | more than 2 years ago | (#37591378)

They are going to incorporate it into Google+ of course! Why wouldn;t they harvest everything they can and post or sell it. It is working well for the social competition.

You do know that HTC doesn't own Google+, right?

Disappointed in lack of comments in these posts (1)

blahbooboo (839709) | more than 2 years ago | (#37590516)

Why are there a measly 82 comments in the prior post and this one isn't generating a lot? This is a significant finding, and when this happens on iOS slashdot has 500+ comments. Perhaps the low comment number is because the apple folks aren't as crazy with trolling on android as vice versa?

Re:Disappointed in lack of comments in these posts (1)

dyingtolive (1393037) | more than 2 years ago | (#37590598)

I'm guessing most people take a glance at it, look at their rooted phones not running Sense or running a version of Sense old enough to not have HTC's "update" in it, and then they go on about their lives. I know that the version of VirtuousROM that I'm running doesn't have the apk they mention in the article on it.

As far as an equivalent iOS issue, aren't you kind of just stuck with it if it's there? I mean, you can't just trivially remove the offending package or change OS or something, can you?

Re:Disappointed in lack of comments in these posts (1)

Calibax (151875) | more than 2 years ago | (#37590978)

What percentage of HTC phone owners actually know how to root their phones and consider it worth the time and effort? I'd take a bet it's way less than 5%, not "most people" as you suggest.

Re:Disappointed in lack of comments in these posts (1)

blahbooboo (839709) | more than 2 years ago | (#37591150)

What percentage of HTC phone owners actually know how to root their phones and consider it worth the time and effort? I'd take a bet it's way less than 5%, not "most people" as you suggest.

Exactly.

Re:Disappointed in lack of comments in these posts (1)

dyingtolive (1393037) | more than 2 years ago | (#37591532)

As this is the site eternally waiting for the "Year of Linux on the Desktop," I'd hope it's a lot more than 5%. I'm just excusing why there is less outrage HERE, not around the world.

Re:Disappointed in lack of comments in these posts (1)

iluvcapra (782887) | more than 2 years ago | (#37591640)

"HTC phone owners" or "slashdot-reading HTC phone owners"?

There's this sort of attitude that says that anyone who runs Android accepts the consequences, because it's "open" in this sense and you can read the source and make your own changes. People who run iOS are forced to make a somewhat more authoritarian argument because they don't really have much granular control over what they run on their phone and don't have complete control over the consequences -- and so you end up having big arguments over wether the iPhone or whatever is a good product en toto, and whether ot not Apple policy X is good or bad.

Android comment threads aren't as spicy because most slashdot-reading Android users have the attitude that everything disagreeable about Android is opt-out, even if it's a Hobson's choice a lot of the time, and the disagreeable aspects of Android are the only things keeping manufacturers selling it.

Re:Disappointed in lack of comments in these posts (1)

scot4875 (542869) | more than 2 years ago | (#37594306)

And I'll bet that of the demographic that frequents Slashdot, it's much higher than that; probably "most people" for the context of usual commenters to Slashdot posts.

--Jeremy

Re:Disappointed in lack of comments in these posts (1)

MikeMo (521697) | more than 2 years ago | (#37590792)

I have noticed that bad news about Android devices in general either generates a lot of Apple hate posts or no posts at all. It's like slashdot folks avert their eyes whenever bad news pops up. Note the paucity of bad news about Android on slash in general - it just doesn't make the front page.

Re:Disappointed in lack of comments in these posts (0)

Anonymous Coward | more than 2 years ago | (#37597480)

I have noticed that bad news about Android devices in general either generates a lot of Apple hate posts or no posts at all. It's like slashdot folks avert their eyes whenever bad news pops up. Note the paucity of bad news about Android on slash in general - it just doesn't make the front page.

This is NOT bad news about Android, it's bad news about HTC and specifically one of their in-house apps.
One of the drawbacks to controlling the OS, the hardware, AND the software like Apple does, is that you're responsible when anything gets fucked up with any of those parts of it.

So yeah, it's logical that you'd see more griping about Apple than Android in this regard.

Get with the plan (1)

Calibax (151875) | more than 2 years ago | (#37590892)

Didn't you get the memo? It's very cool to dislike Apple, but it's totally not cool to beat up on Android (and by extension, Android vendors). In fact it's so very un-cool that we need to ignore Android related problems - not that there are (or ever will be) any.

Re:Get with the plan (1)

blahbooboo (839709) | more than 2 years ago | (#37591162)

haha i didn't realize. You're actually correct... the apple posts also generate more hits for slashdot so that explains the apple posts here as well..

Re:Get with the plan (0)

Anonymous Coward | more than 2 years ago | (#37591330)

In fact it's so very un-cool that we need to ignore Android related problems - not that there are (or ever will be) any.

You mean we should treat it like Slashdot treats Mac OS X malware?

Re:Disappointed in lack of comments in these posts (5, Insightful)

Belial6 (794905) | more than 2 years ago | (#37591480)

I suspect the difference is that there is little to discuss. 82 comments is plenty for everyone to see that everyone agrees this is a problem. Whereas when there is a problem on Apple devices, Apple fanboys come out in droves to try and rationalize away the problem.

If you want to verify this, just review the two threads and see how many people claim it isn't a problem for the the people that own the effected phones. Then go to the Apple tracking threads and count the number of people who claim it isn't a problem for people that own the effected phones.

Honestly, I'm not sure if you are trolling, or if you actually don't see this.

You really seem to be obsessed with Apple. (1)

Brannon (221550) | more than 2 years ago | (#37594318)

Lets talk about what else you have going on in your life. We're all here to help, but most importantly, we're here to listen. This is a safe place.

Re:Disappointed in lack of comments in these posts (1)

scot4875 (542869) | more than 2 years ago | (#37594294)

I'm thinking a couple of reasons:

HTC doesn't have nearly the marketshare of the iPhone. It's only one of many players in the Android handset market. A lot of people don't give a shit about HTC's security problems.

Second, many of us who *do* have HTC phones have installed Cyanogen or some other ROM and it's a non issue. I bought a HTC phone for the hardware, not the software. What they do to fuck up their default OTAs is a complete non-issue to me because I have the freedom to not deal with their default OTAs.

That said, hopefully this isn't indicative of things to come from HTC. I like their hardware and their hacker-friendly mentality and would hate to have to start avoiding them.

--Jeremy

Bites (0)

Anonymous Coward | more than 2 years ago | (#37590620)

Bite my shiny metal android backdoor.

Re:Bites (0)

Anonymous Coward | more than 2 years ago | (#37595860)

Not until it stops leaking!

One question. (1)

JustAnotherIdiot (1980292) | more than 2 years ago | (#37591122)

I'm usually too lazy to do things such as rooting, but this (along with a few other things) seriously make me want to get a custom ROM for my phone.
Any suggestions for an HTC incredible 2?

Re:One question. (1)

blahbooboo (839709) | more than 2 years ago | (#37591174)

Uber nerds like the crazy amount of customization available in cyanogen.

I enjoyed just plain vanilla android. Clean and simple.

Re:One question. (1)

kgoods (971330) | more than 2 years ago | (#37591438)

>>Uber nerds like the crazy amount of customization available in cyanogen. >>I enjoyed just plain vanilla android. Clean and simple. Or not so much the customization but the more-than-obvious performance boost. I have a HTC Hero, the contact is not up for another 8 months and it was getting painfully slow. Rooted it and installed cyanogen and it's like a new phone. I don't really care so much about the bells and whistles, but the responsiveness has improved so much that I may not even upgrade when this contract is up. You can have clean and simple with cyanogen if you want, plus, did I mention it is FAST? :)

Re:One question. (1)

blahbooboo (839709) | more than 2 years ago | (#37591478)

Is it faster than vanilla android? In my test it didn't seem so...

Re:One question. (1)

kgoods (971330) | more than 2 years ago | (#37591554)

Easily... but that could have more to do with the vanilla being 2.1 and cyanogen being 2.3.3. Don't know don't care... happy with it the way it is. ;)

Re:One question. (1)

JustAnotherIdiot (1980292) | more than 2 years ago | (#37593144)

When you say vanilla, do you mean the image I got on the phone out of the box?
Because that's bogged down with all kinds of crap I don't need from verizon and HTC.

Re:One question. (1)

YoopDaDum (1998474) | more than 2 years ago | (#37596872)

On an Incredible S (should be the same as 2, just different market and name) if I use AndExplorer (free app) to look into the device /system/app directory I don't see an HTCLogger.apk file. I'm not experienced enough to say this model is not affected for sure, but it looks like the application causing the problem is not installed. This check is very easy to do, so if an experience Android person can tell whether it's reliable or not it'd be nice.

Must be Apples fault (1)

thetoadwarrior (1268702) | more than 2 years ago | (#37591168)

Somehow Apple must to be blame. Android is open source goodness and with so many eyes looking over the code it couldn't have flaws.

Re:Must be Apples fault (1)

wrygrin (128912) | more than 2 years ago | (#37591714)

Somehow Apple must to be blame. Android is open source goodness and with so many eyes looking over the code it couldn't have flaws.

that may have been intended as stinging sarcasm, but the problem is with a component of HTC's proprietary Sense overlay. that sorta takes any point out of your mockery.

Re:Must be Apples fault (1)

thetoadwarrior (1268702) | more than 2 years ago | (#37592026)

It was sarcasm and it was more to the point that people think that Android is better because it's open source but imo it's not that open because of things like Sense so it's slowly losing any sort of benefit to being open source.

Re:Must be Apples fault (0)

Anonymous Coward | more than 2 years ago | (#37592884)

And we obviously have to blame the AOSP for that. Not HTC, not any manufacturer, but Android itself.

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...