FTC to HTC: Patch Vulnerabilities On Smartphones and Tablets 111
New submitter haberb writes "I always thought my HTC phones were of average or above average quality, and certainly no less secure than an vanilla Android install, but it turns out someone was still not impressed. 'Mobile device manufacturer HTC America has agreed to settle Federal Trade Commission charges that the company failed to take reasonable steps to secure the software it developed for its smartphones and tablet computers, introducing security flaws that placed sensitive information about millions of consumers at risk.' Perhaps this will push HTC to release some of the ICS upgrades they promised a few months ago but never delivered, or perhaps the reason they fell through in the first place?"
Cyanogen Mod. (Score:5, Interesting)
The best software patch I've found for HTC products, though I have tried others.
Re: (Score:3)
Not just for HTC phones. I'd be tempted to flash CyanogenMod on any supported phone if it's not a Nexus device (and even then there are advantages with CM, especially with older Nexus devices that were deemed not powerful enough for 4.x).
Re: (Score:2)
Not just for HTC phones. I'd be tempted to flash CyanogenMod on any supported phone if it's not a Nexus device (and even then there are advantages with CM, especially with older Nexus devices that were deemed not powerful enough for 4.x).
In my experience, cyanogen is the best android distro there is. If you can get an official build or an unofficial port of it for your device, you should be running it.
Re: (Score:1)
In my experience, cyanogen is the best android distro there is. If you can get an official build or an unofficial port of it for your device, you should be running it.
I'm not arguing, but as a happy "stock" droid 4.2.2 user on my Samsung Galaxy Nexus, I would be interested to know what makes it better. I seriously considered CM when I had a Sony/Ericsson Xperia X10 Mini Pro piece of abandonware, and was in fact making preparations to install CM when that machine died.
As a follow-up question, with subsequent upgrades of Cyanogen, do they follow a non-destructive procedure similar to Google's with Nexus devices, or do I have to blow away all my apps, settings etc every t
Re: (Score:2)
Nexus device owners should stick to stock, since they get the fastest updates and thus the best security. Only the people who own devices whose manufacturers are slow to release updates should consider modding.
Re: (Score:1)
The Galaxy Nexus from carriers is a different beast from one bought directly from Google. The carrier versions may have added software and updates are often delayed by the carriers. The unlocked Galaxy Nexus from the Google Play store, like the current Nexus 4, is the one where you're guaranteed to get the pure Android experience and timely updates, and thus there is less reason to mod it.
Should anybody care about alternative platforms, the recent unlocked Google phones (Galaxy Nexus and Nexus 4) will proba
Re: (Score:2)
HTC make lovely phones that l
Re:Cyanogen Mod. (Score:5, Interesting)
Re: (Score:1)
-1 for hero, not a bad phone (for it's time), but the update they pushed at the end (right before the warranty expired) caused it to not ring for some calls..
Yup, they patched my PHONE to not be able to accept PHONE CALLS right before the warranty ran out.
And Telus said ,oh sorry ,your warranty has expired, we can't help you.
Luckliy my contract was up so i jumped ship on HTC and Telus right away.
(now i'm bitching and moaning about my Galaxy S Captivate from rogers, but at least this one lasted the whole 2 y
Re: (Score:2)
Which do you recommend as the better quality brands? The Samsungs have lovely specs but they're huge and look seriously ugly. There just doesn't seem to be much of anyone else in the HD range where I'm looking.
Re: (Score:2)
I've got an HTC One V. My power button started going out about 3 weeks after I got the phone. As in I had to fiddle with it to turn the phone on/off. HTC said to back everything up and send it to them, they'd get it back to me in 4-6 weeks. Overnight shipping both ways wasn't an option. I don't have a landline so I lived with it hoping for the best. After 3 months it pretty much didn't register, it's a bitch to turn the phone on.
Google shows others have this issue and suggested using a silicon spray o
Re: (Score:1)
My biggest issue with my HTC One V is that it goes into super deep sleep and I miss phone calls and alarms do not go off. Alarms will go off when I turn the phone back on after it is usually too late. (Note: None of the free alarm apps help as I've tried the best 3 of them) What does help is keeping the thing charged. The other is that the ringer volume sometimes does not match settings and rebooting the phone fixes the volume control.
At least they fixed the battery issue in the Nov/Dec update. There we
Re: (Score:1)
Who the F@$# thinks a screenshot involves the camera? Time to think b/f you post.
Re: (Score:1)
they are very shoddily made and usually about 3 months into it 40-60% of the phones crap out multiple times and we have to end up giving out Samsung as replacements.
Sure am glad I am in the other 40-60%. Both my and my son's Droid Incredibles are still going strong after almost 3 years. (32 months)
Re: Cyanogen Mod. (Score:1)
Re: (Score:3)
My buddy who is a sys-admin for a rather sizable company talked me out of getting a Galaxy S and getting an Evo 4G (WiMax original) instead. His experience, running IT for an organization with a really healthy blend of multiple types of handsets was that the HTC's were physically much more durable than the Samsungs.
My personal experience doesn't include a Samsung phone, but I'm rough on stuff. I've got bent keys in my pocket because they were bent in my pocket. I work at the Johnson Space Center running
Re: (Score:2)
You're right, culo means ass, puto is a man whore.
Re: (Score:2)
Re: (Score:2)
As someone who owns 3 Samsung devices and tires of hearing about it from HTC fanbois, thanks for that. :-)
Re: (Score:2)
Thank you for taking time out from playing in traffic to share that scintillating contribution to this discussion!
Re: (Score:2)
No offence, but I find your figures pretty unconvincing, nobody would be able to run a business with 50% failure rates.
Re: (Score:2)
it's not 99 cents, it's 99 cents as downpayment and two years of paying.
incidentally, are services taxes different from sales tax in USA? that might actually explain some of the "free phone!" shit. though in that case tax authorities are suckers for not smacking down the hammer on operators.
htc phones aren't particularly cheap in reality(full unsubbed pricing), even if they feel cheap.
Re: (Score:2)
You could have just said CM is the best software patch for any android device that isn't a platform reference.
Do any of them actually support their devices? I know Samsung doesn't, either.
Re: (Score:2)
Do any of them actually support their devices? I know Samsung doesn't, either.
HTC's phones are extra bloatware, though, which was true with Windows Mobile and is true now with Android. And then they often get sold by some carrier like T-Mobile who puts a bunch more bloatware on them. Really, you owe it to yourself to load CM on anything you can load it on.
Re: (Score:2)
Agreed. Part of the reason I got Cyanogen was I hated Sense and the bloat attached to it. On my LTE Evo Sense artificially limits the abilities of the phone for reasons I just can't comprehend. It almost makes it a non-multi-tasking device where it's awesome at multi-tasking with Cyanogen Mod.
Re: (Score:2)
I honestly want to know: what makes CM so much better than Sense?
I put CM on my older Desire HTC, because it was one of the ways to extend the internal memory of that phone onto a Micro SD card. But after a while I just put a modded Sense back on it.
I'm not saying CM is bad by any stretch. But I really couldn't see anything in particular that made it awesome...
All I'm seeing all the time is just: CM rulezzz!!!11 But there a practically no examples of actual benefits.
Re: (Score:2)
I had Cyanogen Mod on my old phone, then bought one of the Thunderbolts mentioned in the summary. Cyanogen offers NO support for this device. There was a dev who was releasing a really nice port of Cyanogen for the Thunderbolt, but he stopped several months ago.
It's my understanding that the main thing keeping Cyanogen from officially supporting the Thunderbolt is a lack of drivers for the phone's radio coming from HTC. HTC keeps promising us an ICS update, which wouldn't be as good as full Cyanogen support
Re: (Score:2)
The best software patch I've found for HTC products, though I have tried others.
Not me, whenever I root a device.
I always try to get the HTC Sense mod version of a ROM (although, it's probably not very legal).
And I've also tried others.
Re: (Score:2)
I used Mean ROM for a while, which is a Sense ROM. That ROM's biggest claims to fame were the biggest things going against it for me. Overclocking when the screen is on - great - but let me disable that. The disable is to under-clock it was the screen on. I loved the single core under-clock with screen off thing but there was no easy way to configure this behavior. Also the web browser was supposed to be awesome for some of the customizations, I liked some but couldn't disable the others so I used Chro
Re: (Score:2, Funny)
You must be an Obama supporter.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I think the Dream was the only HTC device that was long-supported on Cyanogenmod. I had a G2 and they stopped porting new OSes to it after Gingerbread - that was only a year newer than the device.
Sure, CM supports the devices longer than the vendors do (with the exception of Nexus phones), but their efforts have been diluted considerably and you don't see stable CM releases for most phones after a year. A year really isn't long enough to stop security updates for a computing device that is used heavily fo
Re: (Score:2)
CM is certainly the best option there is for HTC products, but few devices get CM releases after a year. Of course the vendors should be supporting the devices in the first place, but even the CM community doesn't really keep things going for that long. Nobody is paying them, and there are a LOT of phones out there, and most of the better developers seem to buy new phones frequently and move on.
Perhaps... (Score:4, Insightful)
company failed to take reasonable steps to secure the software it developed for its smartphones and tablet computers, introducing security flaws that placed sensitive information about millions of consumers at risk
It should also be illegal to install bloatware that is embedded to the point of not being removable (without at least rooting the device and perhaps voiding warranty). Nothing makes the phone more secure than facebook processes -- there are several, and a dozen other built-in crapware clients (peddling games, services, etc).
And I don't think that buying full-priced phone changes anything, either.
Re: (Score:2)
I completely pwn my phones for exactly that reason. I considered the crapware Sprint put on my original Evo border-line criminal. It wasn't nearly as bad on Evo LTE, but they still secured crap in the "S-Off" area.
Re: (Score:2)
I completely pwn my phones for exactly that reason. I considered the crapware Sprint put on my original Evo border-line criminal.
Pray tell, have you ever needed warranty services on your phone?
I am not opposed to having to root my phone per se, but if I lose my warranty as a result, then provider behavior is criminal. Imagine if uninstalling one of the crappy adware services provided by PC manufacturer caused you to lose PC warranty.
Re: (Score:2)
Sort of.
I dropped my old Evo 4G (WiMax) onto a rock face first and shattered the screen. I was going to have to do a warranty replacement (no questions asked) but the guy behind the counter made me a deal. Buy $50 worth of crap in the store and he would replace my screen for free. I spent $100 on a pair of Bluetooth headphones, which is about what the claim would have cost anyways, but I got to keep the headphones.
Re: (Score:2)
Not even "sort of."
That's not a warranty claim, but might have been an insurance claim if you'd gone that route.
Warranties cover defects. Insurance covers accidents. [Insert car obvious analogy here.]
(That said: It sounds like it was a win-win deal. Counter-geek gets a sales commission and something to do with his free time at the shop, and you get the repair you were after.)
Re: (Score:3)
I briefly had a Motorola Backflip and I loved the concept of it. Unfortunately, it was underpowered to begin with and AT&T insisted upon larding it up with all sorts of things that would run and make it even slower.
It's a shame, because the device was actually fairly nice in other respects.
Re: (Score:2)
Nothing makes the phone more secure than facebook processes
Say what?
Oh, I see, humor. Swoosh!
At least with the later versions of Android, you can go in and Disable these apps, and they won't run, won't get updates, and only take up storage.
Re:Perhaps... (Score:5, Interesting)
Yeah -- but there are other's you can't do anything about. Dropbox or Google+ for example: only options are "force stop" and "uninstall updates". How about a flat out "uninstall".
Re: (Score:1)
Re: (Score:2)
On ICS you can also select "disable" which removes all their hooks into the OS like share meny entries and activity associations. I use it to disable most of the Samsung stuff on my GS3.
Re: (Score:2)
Ignore my other post. What I meant to say is that I can in fact disable Dropbox and G+ on my GS3.
Re: (Score:2)
Re: (Score:2)
It should also be illegal to install bloatware that is embedded to the point of not being removable (without at least rooting the device and perhaps voiding warranty).
The ICS upgrade to my HTC Thunderbolt allows me to disable any built-in app that isn't considered "critical". Surprisingly, their definition of "critical" isn't much different from mine. The only app I might want to disable that I cannot is a process that makes sure that you can't tether a device to the phone via WiFi, and I can understand the reasoning.
But Facebook, Verizon Navigator, and all the other bloatware are disabled and will not run. Not being able to remove the apps isn't really a big deal, as
Re: (Score:2)
The FCC ruled that Verizon's blocking tethering without paying extra is illegal.
They don't block general tethering...they only block using your phone as a WiFi hotspot, since that allows multiple other devices to use the connection at the same time. This is what the watchdog app is for.
I can one-to-one tether with no problem, and I have a grandfathered unlimited data plan.
Re: (Score:2)
Everyone talks about "voiding the warranty."
But has anyone ever actually had a warranty claim denied just because the phone is/was rooted and/or running different software?
Indeed, even HTC's own warranty statement [htc.com] doesn't seem to automatically exclude coverage for devices that are simply running different software.
(Also: Magnuson-Moss Warranty Act [wikipedia.org], etc.)
Re: (Score:3)
I used to have an HTC Merge. I had rooted (and unlocked, of course) the phone. I sent it in for a repair twice, to HTC itself not an insurance claim, and though the second time resulted in my getting a different phone returned to me I never once had anyone complain or deny my warranty because of this. YMMV and I have since moved away from HTC, great hardware though. I'm pretty rough on stuff.
Re: (Score:2)
Thank you for the valid response. If only others could be bothered...
Re: (Score:3, Insightful)
Well, the thing is, most people do NOT file warranty claims - they go back to their carrier and ask what to do. Because what happens if you have to send the phone to HTC and then wait for them to
Re: (Score:2)
All those words.
Have you ever sent a phone in under warranty and had a claim denied because it was rooted or was otherwise running different software?
That is the question, but none of that text answers it.
Thanks for nothing!
-flodadolf
Re: (Score:2)
Everyone talks about "voiding the warranty."
But has anyone ever actually had a warranty claim denied just because the phone is/was rooted and/or running different software?
Well, a more useful question is whether anybody has had a court of law deny them warranty coverage on the hardware for a phone simply because they had changed the firmware.
Anybody can deny a warranty for any reason. I can sell you a bike and give you a contract signed in blood that says I'll fix it for any reason for a year, and then you could bring it back to me, and I could say no. Now, if you took me to court the court would likely tell me to fix it, because I'm violating the law.
The problem is that ge
Re: (Score:2)
It should also be illegal to install bloatware that is embedded to the point of not being removable (without at least rooting the device and perhaps voiding warranty).
Yes, the FTC report also mentions Carrier IQ by name.
Re: (Score:1)
If the carriers would calm down a little on the shitware, there'd be less people rooting their phones.
True. My last phone (Sony/Ericson) never got updated beyond Android 2.1 by the manufacturer, and the asswipes did a deal with my telco to cripple tethering (despite said telco explicitly telling me they didn't have a problem with tethering). So I pretty much had to root the device to get the functionality I needed.
However, my more recent Galaxy Nexus (from the same telco) came with a much closer-to-stock ROM on it, and with less crapware, and I never did get around to rooting it.
Even now that I have fl
Bad summary. (Score:4, Informative)
Re: (Score:2)
Re:Bad summary. (Score:5, Informative)
Right. Why do summary writers always try to force the story toward their pet peeve.
Further this FTC settlement had NOTHING to do with what version of Android was installed, but rather the diagnostics and monitoring applications they had installed, mostly at the carriers request.
Both "Carrier IQ", something demanded by carriers, till they got caught, and "Tell HTC" a bug reporting software, ended up leaving logs on the phone that contained private data in clear-text, and transmitted that data to the carriers or to HTC in un-encrypted format. It also had to do with the handling of that data once it was delivered to the carriers and more specifically to HTC.
Why the summary writer had to make it about something else is beyond me.
Re: (Score:2)
Right. Why do summary writers always try to force the story toward their pet peeve.
Because oftentimes their personal grudge against the company is the only reason they take the time to write up a story and submit it.
Re:Bad summary. (Score:4, Informative)
To be clear, this is what the vulnerability did:
http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt-others-exposes-phone-numbers-gps-sms-emails-addresses-much-more/ [androidpolice.com]
Note the date of that article. (!)
Carrier IQ was spyware (Score:1)
It was a binary on the handset, it has the ability to spy on everything, right down to the keystrokes. They advertised the ability to capture app usage, right down to keystokes, etc. They claimed to be only using the call quality feature of that spyware.
Their servers send a profile to your phone, the profile says what to capture. That data is then sent to CarrierIQ's server, and data mined on behalf of their customers from that database.
They were caught, because HTC's version left the debug flag on and all
Re: (Score:2)
So they got ICS about the time I upgraded myself to Jelly Bean.
FTC to carriers (Score:1)
FTC to carriers: stop delaying updates, but FTC is too much in bed with them
Rant (Score:2)
Re: (Score:2)
They come with a good set of hardware and software and update the software for each new phone for a few months, but after that they tend to forget about the phone and move onto the next piece of hardware without looking back.
I got a Raphael (Fuze) free from AT&T and boy was it garbage. Sad thing is, later versions of Sense are actually pretty good on Windows Mobile (I hear they still all suck on Android) and with EnergyROM 3.0 the phone is halfway decent. Unfortunately, Android phones got cheap before a decent Android release happened for it. You can run Android, but it's crashtactular and the kernel build service images are no longer hosted so you can't use ext3, with the end result that it's unusable.
Re: (Score:2)
They come with a good set of hardware and software and update the software for each new phone for a few months, but after that they tend to forget about the phone and move onto the next piece of hardware without looking back.
Exactly: a short while after selling it they forget about it. I have asked their support people why they won't release new software and they just give bullshit answers. That is why I will not buy another HTC phone and warn others about them.
Too bad... (Score:1, Troll)
HTC is the only company who sells Android phones that I'd consider buying. Too bad Android apparently has issues with security updates / etc. Sure, blame the vendor... But this seems to be a prevalent problem with Android based phones.
Apple Phones have too many problems (Score:5, Informative)
HTC is the only company who sells Android phones that I'd consider buying. Too bad Android apparently has issues with security updates / etc. Sure, blame the vendor... But this seems to be a prevalent problem with Android based phones.
Lets have a little look at security on the iPhone...hmmm you can just fiddle with the power button and making an emergency call then immediately hang up, and it bypasses the passcode.
Perhaps you would have been better with a HTC phone after all ;)
Apple make cheap Phones. (Score:2)
Good comeback! Personally, these iphone vs android arguements are getting weary
Except I personally would say none of those things, in fact those things are Apple spin, and in retrospect kind of sad that you think they should be worth mentioning. There is only one argument left, profits vs market share.
Re: (Score:2)
There is only one argument left, IRJFIMPAIWFM*.
TFTFY.
*(It Rides Just Fine In My Pocket And It Works For Me)
Re: (Score:2)
Who brought up iOS? Oh, you. And I agree completely about the iOS passcode bug - a massively severe issue.
Still, my comment and the article are about HTC.
Nexus 7 (Score:3)
All this an a sainted device from Google
Except people [including myself have been incredibly impressed with having a high resolution; quad-core; small tablet running latest Android....and so are the reviews. Top searches on Google
http://www.techradar.com/reviews/pc-mac/tablets/google-nexus-7-1087040/review [techradar.com] 4.5 stars
http://www.pcpro.co.uk/reviews/tablets/379261/nexus-7 [pcpro.co.uk] 3x 5 out of 6 and 1x6 out of 6
http://www.expertreviews.co.uk/laptops/1297408/google-nexus-7 [expertreviews.co.uk] 5 out of 5 User 5 out of 5 expert
http://reviews.cnet.com/google-nexus-7/ [cnet.com] 4 out 5
http://ww [wired.co.uk]
Re: (Score:2)
No offense to the fanboi's on here, but I won't touch another Samsung phone in my life. Hence why HTC was the only company I was considering.
The Nexus tablets look nice, but I am really quite happy with my iPad (and regarding the Nexus 7, I have zero interest in any 7 inch tablet including the nearly 8 inch iPad mini).
Sigh... RTFA (Score:2)
Too bad Android apparently has issues with security updates / etc. Sure, blame the vendor... But this seems to be a prevalent problem with Android based phones.
Erm You did read the complain right? Silly me of course not. The problem being complained about is massive security flaws in 2 HTC apps as well as HTC's botched implementation of the Android security model which allows applications to bypass any permission checking. These are NOT Android security flaws. They are entirely HTC flaws, they lie entirely at the feet of the vendor, and it is entirely the vendor's fault that they haven't been fixed more than 14 months after they were discovered and reported.
And th
Re: (Score:2)
Not really. Samsung are pretty good with updates, especially security related ones. If you absolutely must have the very latest version there are a number of Nexus models to choose from.
HTC has always been shit with updates on every platform. It's their hallmark. The only people who are worse are the carriers.
Re: (Score:2)
Slashdot: Where a troll no longer means troll, just that you criticized Google.
Other vendors? (Score:2)
Re: (Score:1)
Everyone but Apple is guilty of this.
I liked my HTC (Score:2)
For some reason they've seen fit to cripple the camera application so that the lowest resolution is 2048x1536. Lowest. So much for taking quick snaps to email to people. Nope, got to upload them now to edit later or get an app to resize them first.
Otherwise it's a great phone. The X was a bit too bulky for my taste, and I prefer the sense homescreen navigation to the - what I assume is stock Android - way my Nexus 7 does it. Battery lasts at least
This should apply to all Android and Windows (Score:1)
which both have more viruses than apps.
If the crazy hippie computer company from Northern California can make virus-free systems for 35 years, what is the excuse from all these “serious” computer and phone makers? Even Mac OS 9 had a system called Software Update that patched half the community within a month and the rest within 3 months.
...yet more satisfying than the iPhone (Score:3)
http://ondeviceresearch.com/blog/iphone-5-ranked-fifth-in-user-satisfaction%2C-behind-four-android-powered-devices#sthash.9vdyrgB2.7dG9XnAT.dpbs [ondeviceresearch.com] On device research found the One X to be the most satisfying phone in the UK beating out the iPhone.
No a respected reseach firm :) (Score:2)
It was a serious survey from a respected research firm "320,000 mobile and tablet users in six countries, including the US, UK, France, Germany, Japan and Indonesia, about how satisfied they were with their device." I am sorry you don't like the results, but they are unsurprising.