updated 07:35 pm EDT, Tue October 25, 2011
HTC Evo phones get privacy fix at Sprint
Sprint on Tuesday sent notice that it was the first carrier to push a broadly available fix for the major privacy hole in HTC's Android phones. Evo 3D, Evo 4G, Evo Design 4G, Evo Shift 4G, Evo View 4G, and Wildfire S owners on the network are now getting an over-the-air upgrade. Users will get the notices in stages, although anyone can push the update sooner by checking in HTC's software updates.
The exploit was found just at the start of the month and drew alarm for just how much it made accessible. HTC's initial code let any Internet app get private logs. At least theoretically, the vulnerability would let a maliciously coded website or app target HTC phones and get a wide range of personal information being tracked in HTC's unusually detailed logs. It would even allow a successful hack to remote control the phone through the presence of a VNC tool.
Neither HTC nor Sprint has said what exactly the fix involves, although it most likely involves toughening app permissions to prevent outside access to logs. Other concerns, like the depth of the logs, are still uncertain.