Major vulnerability with all HTC phones (1 Viewer)

[Sam Posten]

Just one more example of how much better Android is because it's open http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt-others-exposes-phone-numbers-gps-sms-emails-addresses-much-more/

 

[mattCR]

The more I play with Mango the more I love it. I carry an iPhone for work now, but I admit, I ended up dropping BB and going WP7.5 for my home phone. It's stable, it's slick, and it works. Their are noticeable, significant differences between iPhone/WP7.5. But the one thing I can say for both is that they are smooth, easy to understand, function exactly as I expect and intuitive. Every experience I have had with Android has let me think it's a complete wild-wild-west mess of whatever goes goes. I have yet to see anything that I thought were truly intuitive, original, easy to easy and did exactly what I wanted.

 

[Hanson]

Wait -- these things never happen in closed systems?


http://gizmodo.com/5603319/new-apple-security-breach-gives-complete-access-to-your-iphone


In both instances, there is no documented case of anything actually breaching. Yes, it's a hole that needs to be addressed. But proof of concept and in the wild are two different matters.

 

[mattCR]

*shrug* I look at it this way, though.. it's not whether or not they happen or not, I'm not even concerned that it happened with HTC or Google. It can happen with iPhone/WP7 or whatever. I'm just saying, I've yet to play with an Android where I felt as though "The Juice is Worth the Squeeze". The major functions are PITA, and their inability to be consistent is annoying as all get out. The more marketshare you have, the more you are going to get people who try to hack you; that has always been true.

 

[Ted Todorov]

Quote:

Originally Posted by Sam Posten
http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt-others-exposes-phone-numbers-gps-sms-emails-addresses-much-more/

Android stopped being even "open", not to mention open a while ago -- Google seems to have dropped all pretense of releasing Android 3 or later source code. And with Amazon using Google's prior "openness" against them I doubt very much anything will change.


So lets call the problem by its true name -- the non-integrated business model, which offers up more possible points of failure. HTC is one of them.

 

[Hanson]

As I understand it, the information that can be taken is nothing unusual provided the app had certain rights. The security flaw is that HTC only put Internet Access rights on this data, which means that in theory, an app that looks like it can only access the internet could be programmed to access more sensitive data through this hole. However, it's far easier to have a program slip in the rights necessary to access this data directly from the phone and not have to exploit an HTC specific vulnerability that affects a small number of actual phones.


Tempest in a teapot? Pretty much. The bigger problem is that most people don't read the security stuff when they install programs.