makes them this vulnerable then is it not logical that also
puppy linux is similar?
http://www.gizmag.com/security-htc-andr ... nes/20010/
Now Gizmag is no computer or software mag so it can be written by
somebody relying on others info and maybe misunderstanding it.
It is way too complicated for me so I share it to get your views on it.
The reported vulnerability, which has left those who discovered it
- Justin Case, Trevor Eckhart and Artem Russakovskii from Android Police - speechless,
involves a suite of logging tools included in recent HTC modifications
to the Android operating system in EVO and Thunderbolt models that
collect a stack of information on the user's phone.
But not only do the modifications collect a swathe of information,
they also allow nefarious types to send that data to wherever on the Internet they like.
"It's like leaving your keys under the mat and expecting nobody
who finds them to unlock the door," says Russakovskii.
The list of compromised data includes but is not limited to:
* List of user accounts, including email addresses
* Last known GPS location and history of previous locations
* Phone numbers from the phone log
* SMS data, including phone numbers and encoded text
* System logs, which track everything your running apps do
* System information, including build number, bootloader version,
CPU info, running processes, list of installed apps, battery info
and status, and network info, including IP addresses.
Eckhart only released the information after contacting HTC
on September 24th and receiving no real response for five days
in the hopes that making the security vulnerability public would
prompt HTC to address the issue.
Although the team at Android Police believes HTC is looking into
the issue, there's been no statement from the company as yet.
The team also uncovered an app added by HTC called androidserver.apk
that is basically a remote access server that could allow third parties
access to the phone.
They say that, while the addition of the app "could end up being insignificant,"
it is still "very suspicious." Although the app isn't started by default,
it isn't clear what or who can trigger it.
While open source software, such as Android, has many advantages
over a closed system, such as allowing greater creativity on the part
of developers, the vulnerability the Android Police team claims to have
uncovered highlights one of the major downsides of open source
software.
While users expect problems from sources in the darker corners
of the Internet and are extra vigilant in looking out for anything
that may compromise the security of their devices, the fact this problem
comes from one of the biggest players in the Android space is a real concern.