HTC admits to security mess, patch en route

Mobile maker HTC has admitted there's a big security problem with its phones that lets third-party apps access your personal data.

Last night we told you about the privacy problem, whereby a suite of logging tools that HTC itself introduced to some of its phones means any app you allow to access the phone's Internet connection could get at your contacts, texts, emails, call logs and location.

Now HTC has confirmed the flaw in a public statement, saying, "There is a vulnerability that could potentially be exploited by a malicious third-party application."

HTC is at pains to make clear that the logging software it installed "does no harm to customers' data". That software does, however, open the door to potentially malicious third-party ne'er-do-wells.

"So far," the statement continues, "we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability."

HTC says it's working on a patch that will fix the problem, soon to be made available over the air after a short testing period. In the meantime, the company advises "caution when downloading, using, installing and updating applications from untrusted sources." Such as, er, the unpoliced Android Market?

It's still not clear exactly which mobiles are affected, though Android Police believes the Evo 3D, "some Sensations" and the as-yet unreleased Vigor could be affected.

Is HTC's response enough to placate you, or should this never have happened in the first place? Let us know how you feel in the comments section below, or on our Facebook wall.