HTC America has settled with the FTC (Federal Trade Commission) over concerns that the company put millions of customer's personal information at risk with insecure implementations of software on its devices. The FTC found that HTC did not take a reasonable amount of care in implementing best coding and security practices when creating software for its devices, having this to say:
"[HTC] failed to provide its engineering staff with adequate security training, failed to review or test the software on its mobile devices for potential security vulnerabilities, failed to follow well-known and commonly accepted secure coding practices, and failed to establish a process for receiving and addressing vulnerability reports from third parties."
Those are some pretty strong words for the company, but where it really hits home is the consumer-facing issues that were caused by this lack of oversight. The FTC explains that HTC's implementation of Carrier IQ and HTC Logger on its devices left customer data vulnerable to attack, alongside errors that would let third parties bypass Android's built-in permissions system.
The second part of the FTC's complaint is that it finds HTC was deceptive in telling consumers about the security risks of its software implementations, stating that the device user manuals and interface of the "Tell HTC" app were misleading. Both of these issues in implementation are said to have undermined the normal consent mechanism of Android that would have kept user's data safe.
So what does this mean for HTC? The FTC is requiring that the company develop and release software patches for its devices that are affected with these vulnerabilities, and HTC has said that it has already released some patches at this point. Furthermore, HTC will have to submit to "independent security assessments" every 2 years for the next 20 years. HTC will also be forbidden from making misleading statements about the security of its devices and user's data going forward.
This is a pretty big finding from the FTC, but isn't necessarily uncommon. Although their may not have been widespread exploits that were taking advantage of these security holes, it's important that HTC is going to be making changes to help security going forward. Though we would have preferred if HTC was implementing best practices in the first place, rather than it coming to an investigation by the FTC.
Source: FTC
Have you listened to this week's Android Central Podcast?
Every week, the Android Central Podcast brings you the latest tech news, analysis and hot takes, with familiar co-hosts and special guests.
We may earn a commission for purchases using our links. Learn more.
Samsung Galaxy Buds Pro review: The new best
Samsung's aiming squarely at the AirPods Pro with the new Galaxy Buds Pro, but it's done something better: it's made one of the best-sounding wireless earbuds you can buy.
Soundcore Liberty Air 2 Pro review: Sounds about right
Soundcore isn't a household brand just yet, but Anker's headphone division is making a name for itself as the producer of the best-sounding true wireless earbuds under $150.
Did you pre-order the Galaxy S21?
Pre-orders for the Galaxy S21 are open right now! Did you pre-order the phone already or plan on doing so soon?
Block ads, trackers and even some malware with the best Chrome ad blockers
Pop-ups, banners and video ads are at the very least annoying, but many also harbor malware. Here are some ad blockers to help cut through the noise.