HTC Settles With FTC Over Device Security Flaws
The company has agreed to patch existing vulnerabilities, address future security risks, and undergo regular security assessments.
The FTC recently announced that HTC America has agreed to settle charges that it "failed to take reasonable steps to secure the software it developed for its smartphones and tablet computers, introducing security flaws that placed sensitive information about millions of consumers at risk."
"In its complaint, the commission accused HTC of failing to provide its engineering staff with adequate security training," writes CNET News' Marguerite Reardon. "The agency also claimed that HTC had not used 'well-known and commonly accepted secure coding practices.'"
"The commission's complaint against FTC noted multiple vulnerabilities found on HTC devices, including insecure implementation of the logging applications Carrier IQ and HTC Loggers, along with programming flaws that could let third-party applications bypass Android's permission-based security," writes Computerworld's Nancy Weil.
"The agency also alleged that HTC’s user manuals 'contained deceptive representations,'" writes Ars Technica's Cyrus Farivar. "The FTC said that the Tell HTC application, which lets users report errors to HTC, does not actually allow users to opt out of sharing their location, despite a displayed option to do so."
Under the terms of the settlement, HTC America will develop and release patches for vulnerabilities found in millions of HTC devices, will establish a comprehensive security program to address security risks during device development, and will undergo independent security assessments every other year for the next two decades.
"Two years ago, HTC briefly stood at the top of the U.S. smartphone market, but has since fallen behind Apple and Samsung and commands less than 10 percent of the market," notes The Huffington Post's Gerry Smith.
"In reaching the settlement, HTC America neither confirmed nor denied any of the allegations put forward by the FTC," notes ZDNet's Ben Woods. "'Privacy and security are important, and we are committed to improving practices that help safeguard our customers' devices and data. Working with our carrier partners, we have addressed the identified security vulnerabilities on the majority of devices in the US released after December 2010. We're working to rollout the remaining software updates now and recommend customers download them once available,' HTC said in a statement."