Privacy on your mobile phone is kind of a big deal. And a company named Carrier IQ made it an even bigger one about a year ago by getting all up in a bunch of people's business. If you don't remember the Carrier IQ debacle of last winter, let me give you a rundown.
First, a guy named TrevE figured out that a company called Carrier IQ had its software installed on a bunch of phones, and that it was taking a lot of data from those phones. Read More
Trevor Eckhart, a developer involved in uncovering a huge security vulnerability that affected several HTC devices, was recently threatened by Carrier IQ (CIQ), a company involved in gathering various forms of user data and sending it to carriers or manufacturers for analysis. For those who haven't been following the story, here's what happened:
Trevor Eckhart found several training manuals on CIQ's website. These were publicly available. Trevor shared them with the community, explaining just how far-reaching CIQ's data collection practices are. Read More
Originally Posted October 12th.
It's been eleven days since Android Police published this story detailing the discovery by Trevor Eckhart of some serious security issues within HTC's more recent software. Three days after that HTC responded, and now, a further week or so later, we are seeing reports of an "important security update" being pushed to HTC Sensations throughout Europe.
Screencap by FG1234 of Android-Hilfe.de
While HTC does not specify exactly what the ~9 MB update addresses, the timing seems right to relate to the preceding story. Read More
HTC acknowledged the vulnerability in some of its devices that Android Police together with Trevor Eckhart posted Saturday night. The privilege escalation vulnerability currently allows a potentially malicious app that uses only the INTERNET permission to connect to HTC's HtcLoggers service and get access to data far exceeding its access rights. This data includes call history, the list of user accounts, including email addresses, SMS data, system logs, GPS data, and more. Read More
I am quite speechless right now. Justin Case and I have spent all day together with Trevor Eckhart (you may remember him as TrevE of DamageControl and Virus ROMs) looking into Trev's findings deep inside HTC's latest software installed on such phones as EVO 3D, EVO 4G, Thunderbolt, and others.
These results are not pretty. In fact, they expose such ridiculously frivolous doings, which HTC has no one else to blame but itself, that the data-leaking Skype vulnerability Justin found earlier this year pales in comparison. Read More
damageless and TrevE, the developers behind the DamageControl ROM which brings Android 2.1 to Sprint HTC Hero CDMA, have been silently working on a new version of the ROM for the last few weeks.
Yesterday night, the world saw the newly updated ROM v2.08 finally go live with the following changelog:
- New DConfig tweaker tool
- Theme Server
- New beefed up apps2sd. If any errors are encountered post /data/dcboot.log