Mobile handset maker HTC has agreed to settle a complaint filed against it by the Federal Trade Commission accusing the company of failing to take "reasonable steps" to patch a security flaw in software running on its smartphones.
As part of this settlement, HTC has agreed to patch handsets that were left vulnerable to the security risks. And the company has agreed to develop a security program to address future security issues on its handsets.
HTC has already begun rolling out the patches to devices in the U.S., according to the FTC.
In its complaint, the commission accused HTC of failing to provide its engineering staff with adequate security training. The agency also claimed that HTC had not used "well-known and commonly accepted secure coding practices."
Specifically, the agency pointed to two logging applications offered by third-party companies used in the HTC devices. These applications --and HTC Loggers -- are also used by other handset and tablet makers. And they are used to track users' locations in order to improve the accuracy of location-based services.
Vulnerabilities in these software applications as well as others opened up millions of HTC customers to security risks, such as allowing malicious applications to send text messages, record audio, or even install additional malware on devices, the FTC said.
HTC has said in the past that none of its customers have been affected by these logging issues. And the company issued a patch to its devices starting in 2011. The company has not admitted or denied any wrongdoing as part of the settlement and issued this statement:
Privacy and security are important, and we are committed to improving practices that help safeguard our customers' devices and data. Working with our carrier partners, we have addressed the identified security vulnerabilities on the majority of devices in the U.S. released after December 2010. We're working to roll out the remaining software updates now and recommend customers download them once available.
HTC's devices running Android 4.0 already include a fix to these security issues.