Vulnerability in the security system of HTC HTC devices could lead to user data leakage
The Android Police resource team recently unveiled the results of their work regarding the security of devices from HTC. According to representatives of the resource, they were able to detect a security vulnerability that allows applications with “android.permission.INTERNET” access to read user data from a mobile device. The fact is that the recent update posted by HTC adds loggers of various types to the system, which collect data such as GPS tags, open text SMS, phone numbers, system logs, email addresses and so on.
All this is stored in the phone, and access to this data can be obtained for any application with an access level of the “android.permission.INTERNET” type, and this is what most Android applications request this access. In other words, if someone asks himself to get the personal data of users by writing an application of a special type disguised as a utility for this purpose, it will not make much effort.
')
The data received Android Police presented in the NTS, and the developers of the company have already stated that verification of this information is in full swing. If the guys from Android Police are right, then an update will be released covering the vulnerability. By the way, you can remove the loggers from the NTS, and thereby solve the problem once and for all. But this is only possible for rooted devices.
Via Android Police
All this is stored in the phone, and access to this data can be obtained for any application with an access level of the “android.permission.INTERNET” type, and this is what most Android applications request this access. In other words, if someone asks himself to get the personal data of users by writing an application of a special type disguised as a utility for this purpose, it will not make much effort.
')
The data received Android Police presented in the NTS, and the developers of the company have already stated that verification of this information is in full swing. If the guys from Android Police are right, then an update will be released covering the vulnerability. By the way, you can remove the loggers from the NTS, and thereby solve the problem once and for all. But this is only possible for rooted devices.
Via Android Police
Source: https://habr.com/ru/post/129595/
All Articles