HTC Security OTA Appearing On European Sensations [Update: And Now The GSM EVO 3D, Too]

Android Police

By Brian O'Toole

Published Oct 15, 2011

Originally Posted October 12th.

It's been eleven days since Android Police published this story detailing the discovery by Trevor Eckhart of some serious security issues within HTC's more recent software. Three days after that HTC responded, and now, a further week or so later, we are seeing reports of an "important security update" being pushed to HTC Sensations throughout Europe.

Screencap by FG1234 of Android-Hilfe.de

While HTC does not specify exactly what the ~9 MB update addresses, the timing seems right to relate to the preceding story. Besides alluding to some positive-sounding "performance improvements and new features", the update description does not mention any further details, and HTC certainly doesn't dwell on the nature of the security update itself.

The OTA version is 1.45.401.3, and may be polled for by prompting your system to check for an update in the phone settings. A full release log has yet to be found, so we can only presume that it deals with the vulnerability previously reported.

Update Oct. 15th: TrevE has done some digging in the subsequent EVO 3D update (GSM model - no sign of it on Sprint yet), and has extracted the "security update" routine. As you can see in the code below, it essentially deletes the contentious logging files once and for all.

ui_print("Deleting specific files...");

delete_recursive("/data/data/com.htc.loggers/",

"/sdcard/htclog/");

....

"/system/app/HtcLoggers.apk", "/system/app/HtcLoggers.odex",

"/system/app/NetLogger.apk", "/system/app/NetLogger.odex",

"/system/app/QXDM2SD.apk", "/system/app/QXDM2SD.odex",

"/system/bin/androidvncserver", "/system/bin/usbnet",

"/system/lib/libhtc_loggers.so", "/system/lib/libhtc_netlogger.so",

"/system/lib/libhtcqxdm2sd.so",

Source: XDA-Developers, Android-Hilfe.de