What is it with companies wanting to know your every move anymore? Facebook’s has been tracking you on Websites with Facebook Like buttons; Amazon, with its forthcoming Silk Web browser, will literally track your every move on the Web, and now HTC, in some of its Android smartphones, has planted a logging program that records everything do you with your phone. That’s bad enough, but according to Android Police researchers, that snooping program has a giant security hole that will let crackers easy grab the information that it’s has been gathering.
According to the researchers, Trevor Eckhart, Artem Russakovskii, and Justin Case, in recent updates to some of its devices, HTC introduces a suite of logging tools that collected both system and personal information. That’s invasive. What’s even more annoying is that they also discovered HTC had added “an app called androidvncserver.apk to their Android OS installations”. That’s a Virtual Network Computing (VNC) remote access server. With it, HTC, in theory, could remotely control your phone.
But, wait, there’s more! The real problem is that they’ve found that “any app on affected devices that requests a single android.permission.INTERNET (which is normal for any app that connects to the web or shows ads) can get its hands on” this data.