Everyone should be concerned with their security -- especially when we're dealing with devices that can get lost, stolen or left in bars by accident. A piece at BGR calls into question bookmark thumbnails that aren't deleted on hard-reset on the HTC Droid Incredible. But the question is "Why?"
In an effort to stop any panic and FUD, let's break it down to see exactly what is happening, and see why it's not as big a deal as many are making it. Follow the break to see our take on the whole issue.
What is going on?
The HTC Sense browser is closely tied in with the rest of Sense. You know that nice bookmark widget that shows a preview of your pages? Those previews have to come from somewhere, and it only makes Sense (see what I did there?) to collect them from the browser during your browsing sessions.
Those are the images everyone is talking about. Yep. Those innocent looking browser thumbnails. All the speculation about HTC spying and stealing your info can be translated into HTC is caching small thumbnails to be used as bookmark images if you decide you want to use the bookmarks widget.
To make the whole situation worse (and likely the reason it got all blown out of proportion) is that on the HTC Incredible, the images are stored in internal storage. Remember that the Incredible has 6 gigabytes of storage built in (plus the microSD card for good measure). And the internal storage is where it's saving these images, instead of on the microSD card like on other phones. And just like any pictures, music and movies you might have stored there, these images aren't deleted when you wipe your user data.
Just like they aren't wiped on ANY other phone that stores media on an SD card.
The internal storage on the Incredible is in a completely separate area from your actual user data. Don't believe me? Plug your DInc into your PC, mount the Internal storage partition and look for a folder named emmc\.bookmark_thumb1\ . It will look just like the sdcard\.bookmark_thumb1\ folder in my example picture above. I don't have an Incredible or I would show you myself.
Is it a genuine security concern?
No, and yes. Many Android applications store images and other data on your phone's dedicated media storage area, which more often than not is on the microSD card. This is fine, and it beats the heck out of using up precious space for apps. The only time an issue could arise is if someone were to code an app that looks for the .bookmark_thumb1 folder and uploads the images somewhere. It can't do this without asking for permission (so read those app permissions when installing), and even if it could there's no difference between what the HTC browser is doing and what Firefox or IE is doing on your home computer. Internet cache saves processor time and battery life. We welcome it. To round it all up, passwords are saved as ****** on these thumbnails as well.
I still don't like it, so what can I do?
After each browsing session, delete the .bookmark_thumb1 folder with a file manager for a temporary fix. For a more permanent solution, delete the .bookmark_thumb1 folder, and replace it with an empty text file named .bookmark_thumb1. Put it in the same place where the original folder was, and this will keep the folder from re-generating. Kinda destroys the look of your bookmarks widget, but we always have a choice when using Android.
So relax, everyone. HTC isn't selling you up the river or trying to crack into your bank account. They don't care what internet sites you're surfing, and even if they did they aren't checking.
- Filed under: