HTC to Upgrade Security in Smartphones Sold in the USA

Following a public comment period, the USA's Federal Trade Commission has approved a final order settling charges that HTC America failed to take reasonable steps to secure the software it developed for its smartphones and tablet computers.

The settlement with HTC America, announced by the FTC in February 2013, requires the company to develop and release software patches to fix vulnerabilities in millions of the company's devices.

To illustrate the consequences of these alleged failures, the FTC's complaint detailed several vulnerabilities found on HTC's devices, including the insecure implementation of two logging applications -- Carrier IQ and HTC Loggers -- as well as programming flaws that would allow third-party applications to bypass Android's permission-based security model.

HTC is also required to establish a comprehensive security program designed to address security risks during the development of HTC devices and to undergo independent security assessments every other year for the next 20 years.

In addition, the settlement prohibits HTC America from making any false or misleading statements about the security and privacy of consumers' data on HTC devices. Violations of the consent order may be subject to civil penalties of up to US$16,000 per violation.

HTC America and its network operator partners are also in the process of deploying the security patches required by the settlement to consumers' devices. Many consumers have already received the required security updates.