Some of you might have heard of the recent security vulnerability in HTC devices such as the HTC Thunderbolt and Evo 3D unearthed by the folks at Android Police, and we were waiting to hear the official word from HTC to confirm if the said vulnerability does exist.
According to Engadget, the Taiwanese company has sent out a public statement, admitting to the vulnerability. HTC claims that while their "software itself does no harm to customers' data, there is a vulnerability that could potentially be exploited by a malicious third-party application".
While HTC is currently working on an update to patch this particular security loophole, the company advises its customers to be wary of apps from untrusted sources, presumably those outside of Google's Android Market, and to install the update when prompted.
HTC Public Statement
HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers' data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.
HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly. During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.
Android apps have been under scrutiny of late, with various malwares such as jSMSHider targeting custom ROMs and gaining access to read, send and process incoming SMS messages. Google has been on top of things, such as introducing a remote kill switch to deactivate proven malware apps on their Android platform. While this particular security vulnerability shouldn't have appeared in the first place, it's good to see HTC claiming responsibility and acting on a countermeasure to protect its customers.