Thursday 6 October 2011

Huge data privacy vulnerability found in HTC devices




Three security researchers, Artem Russakovskii, Justin Case and Trevor Eckhart, have found a huge data privacy flaw in most of the current range of HTC Android devices running the stock Sense UI (users running custom ROMs that aren't running Sense should be unaffected).

In a recent update, HTC added a suite of logging tools that harvest quite an EXTRAORDINARY amount of personal information as the user goes about his/her ordinary day-to-day usage. This information is stored on the device, where any application with the basic Internet Access permission (pretty much any app that is allowed to access the web, which is almost everything) can read it or send it anonymously to a remote location.

The information collected includes (but most definitely isn't limited to) the following items:

  • The list of user accounts, including email addresses and sync status for each
  • The last known network and GPS locations and a limited previous history of locations
  • Phone numbers from the phone log
  • SMS data, including phone numbers and encoded text (not sure yet if it's possible to decode it, but very likely)
  • System logs (both kernel/dmesg and app/logcat), which include everything your running apps do and are likely to include email addresses, phone numbers, and other private info
  • Device information (hardware and software)
  • File system information
  • Content and service provider information
  • Network information including IP addresses
  • A snapshot of every running process and every running thread

HTC has promised that a patch is in the works.

Full details including proof of concept code can be found here:

