HTC America is being forced to address widespread security vulnerabilities with various devices. According to the FTC, the security issues affect millions of HTC devices throughout North America.
As part of a settlement, HTC will be subject to third party security assessments every other year for the next 20 years.
According to HTC spokesperson, Sally Julien:
“Privacy and security are important, and we are committed to improving practices that help safeguard our customers’ devices and data. Working with our carrier partners, we have addressed the identified security vulnerabilities on the majority of devices in the US released after December 2010. We’re working to rollout the remaining software updates now and recommend customers download them once available.”
HTC’s biggest security flaws listed by the FTC included permission re-delegation, the use of unsecured manufacturer-provided application markets, and vulnerabilities in communication mechanisms used by HTC phones.
Permission re-delegation is among the agency’s chief concern. During that process, a user grants one application access to certain information and then another application uses that first application’s approval to access data without the user’s direct consent. Permission re-delegation was available via pre-intalled HTC apps, which in turn have third-party apps the ability to record audio, access geo-location data, and send text messages without users’ permission.
The FTC settlement with HTC could prove to serve as a strengthening point for the mobile industry as a whole. By insisting on better security standards and issuing security audits, the FTC essentially sends a stern warning to other smartphone manufacturers regarding their own security protocols.