HTC America has settled with the FTC (Federal Trade Commission) over concerns that the company put millions of customer's personal information at risk with insecure implementations of software on its devices. The FTC found that HTC did not take a reasonable amount of care in implementing best coding and security practices when creating software for its devices, having this to say:
"[HTC] failed to provide its engineering staff with adequate security training, failed to review or test the software on its mobile devices for potential security vulnerabilities, failed to follow well-known and commonly accepted secure coding practices, and failed to establish a process for receiving and addressing vulnerability reports from third parties."
Those are some pretty strong words for the company, but where it really hits home is the consumer-facing issues that were caused by this lack of oversight. The FTC explains that HTC's implementation of Carrier IQ and HTC Logger on its devices left customer data vulnerable to attack, alongside errors that would let third parties bypass Android's built-in permissions system.
The second part of the FTC's complaint is that it finds HTC was deceptive in telling consumers about the security risks of its software implementations, stating that the device user manuals and interface of the "Tell HTC" app were misleading. Both of these issues in implementation are said to have undermined the normal consent mechanism of Android that would have kept user's data safe.
So what does this mean for HTC? The FTC is requiring that the company develop and release software patches for its devices that are affected with these vulnerabilities, and HTC has said that it has already released some patches at this point. Furthermore, HTC will have to submit to "independent security assessments" every 2 years for the next 20 years. HTC will also be forbidden from making misleading statements about the security of its devices and user's data going forward.
This is a pretty big finding from the FTC, but isn't necessarily uncommon. Although their may not have been widespread exploits that were taking advantage of these security holes, it's important that HTC is going to be making changes to help security going forward. Though we would have preferred if HTC was implementing best practices in the first place, rather than it coming to an investigation by the FTC.
Source: FTC
Have you listened to this week's Android Central Podcast?
Every week, the Android Central Podcast brings you the latest tech news, analysis and hot takes, with familiar co-hosts and special guests.
We may earn a commission for purchases using our links. Learn more.
These are the best apps for your Android device — period
It can be difficult to find the "right" app when surfing the Play Store simply due to the sheer number of options available. Regardless of what type of app you're looking for, there's an app that can help make your life easier.
Want an Oculus Quest 2? Here's where to buy one!
The Oculus Quest 2 represents the future of wireless VR gaming systems. Here's where to buy one, and all the accessories you'll need for it, too!
V4 delivers a great dark fantasy MMO experience
This week, we're taking a look at a fairly recent game called V4. It's a free-to-play MMO, but that doesn't mean it's not a good time.
Grab a case and keep your Moto G Power motoring on for years
The Moto G Power is finally here and offers a rather surprising and impressive set of specs for the budget market. If you happen to pick one of these up, you won't want something to happen to it, so grab a case to go with the G Power.