HTC Settles In Court Over Carrier IQ Case

HTC has settled with the Federal Trade Commission (FTC) in a suit over the company logging customer data.

The company got in trouble in December 2011 when it was revealed that HTC’s logging software, Carrier IQ and HTC Loggers, were logging customer data insecurely, causing security breaches and exposing its customers to malware.

The commission ruled that HTC “failed to employ reasonable and appropriate security practices in the design and customization of the software on its mobile devices,” a press release on the case states. It also charges that the company did not adequately train its engineering staff on security procedure, failed to test security vulnerabilities on its products, did not “follow well-known and commonly accepted secure coding practices” as well as not establishing a “process for receiving and addressing vulnerability reports from third parties.”

The FTC points to the insecure logging done by Carrier IQ and HTC Loggers as the culprit, in addition to programming flaws that allowed third-party applications to bypass Android security. The commission claims that these flaws compromised the security of millions of HTC phones. These flaws potentially allowed applications to record audio, send text messages and install more malware on the device. This malware, the FTC claims, could access sensitive information stored on the phone, such as bank account numbers, passwords, medical information, the contents of text messages and even geolocation information. It also alleges that HTC was deceptive in its user manuals for HTC Android-based phones.

As part of the settlement, the FTC is requiring HTC to develop software patches that will fix the “vulnerabilities found in millions of HTC devices. In addition, the settlement requires HTC America to establish a comprehensive security program designed to address security risks during the development of HTC devices and to undergo independent security assessments every other year for the next 20 years.” The settlement also prohibits HTC America from “making any false or misleading statements about the security and privacy of consumers’ data on HTC devices.”

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

More from iTechPost

Real Time Analytics