First thing first, it’s not because of Android, rather this whole mess is due to HTC, which thought of logging various information, such as email addresses, SMS data, location, phone numbers, system logs and more on smartphones.
In it’s latest devices, such as EVO 3D, EVO 4G, Sensation and Thunderbolt, HTC is criticized for logging plentiful of user data – which is now exposed with any application that has network access.
A team at AndroidPolice has discovered that updates for latest HTC phones can collect and store data, which is good in way, but extremely dangerous as anyone can write an application to access the data.
In short, any data in your phone can be made available to potential exploiters who can use it their way. Another tragedy is that there’s no way of recognizing such applications which can exploit your personal data.
For instance, a innocent looking game that apparently accesses internet to post your top scores can be accessing your private data and posting it back to the exploiter.
How to Avoid:
To get rid of this vulnerability you must root your device, in order to remove Htcloggers (you can find it at /system/app/HtcLoggers.apk).
Stay safe and don’t download suspicious apps. Of course, even quality-looking apps can silently capture and send off this data, but the chance of that is lower.
For further reading
Nice issue raised…. Our security agencies should consider these facts as HTC is the top most popular phone in educated & elite ruling class.. It has become a symbol of status just like blackberry used to be a few years ago.
Hahahaha
How about putting your google on 2-step verification so that it doesn’t allow any app to use google account unless you verify it.
Android still have dozen of zero day flaws which need to be publish.
I recommend all readers to use google 2 step verification for your gmail accounts that is used on android phones.
@Aamir, write review on google 2 step verification.