HTC America has settled FTC charges alleging that lax security practices on its smartphones and tablets left the door open for malicious programs to hijack phones and compromise the privacy of millions of users.
The FTC complaint says HTC’s use of the logging programs Carrier IQ and HTC Loggers, combined with programming flaws, created the potential for hackers to send text messages from phones, siphon financial information, record audio, and track the user’s location without their knowledge, among other things.
HTC admits no wrongdoing as part of the settlement. Many of the vulnerabilities were on Android devices, but HTC’s past Windows Mobile devices also are mentioned in the complaint.
The FTC says in a news release, “The settlement not only requires the establishment of a comprehensive security program, but also prohibits HTC America from making any false or misleading statements about the security and privacy of consumers’ data on HTC devices.
What should you do if you have an HTC device? The FTC says, “HTC America and its network operator partners are also in the process of deploying the security patches required by the settlement to consumers’ devices. Many consumers have already received the required security updates. The FTC encourages consumers to apply the updates as soon as possible.”
HTC America is the Bellevue-based North American division of mobile phone giant HTC.
In an emailed statement, HTC spokesperson Sally Julien says, “Privacy and security are important, and we are committed to improving practices that help safeguard our customers’ devices and data. Working with our carrier partners, we have addressed the identified security vulnerabilities on the majority of devices in the US released after December 2010. We’re working to rollout the remaining software updates now and recommend customers download them once available.”