This is not good news if you are an HTC Android smartphone owner you need to pay attention. Apparently, a giant security flaw has surfaced that is common to all the Android devices HTC makes. The issue that allows for the exploit is something to do with a custom file HTC uses in Android.
The flaw apparently opens these devices up to allow anyone to copy all the data off the phone as long as they craft an app that asks for the right permission. The data could then be grabbed remotely by anyone since an app can open a network port on the device.
The key flaw is in the android.permission.INTERNET permission and when that permission is called into action, a nefarious app could access just about everything. That permission allows the theft of things like GPS location, email addresses, SMS logs, call logs, and any information in a currently running app. HTC is investigating now and promises a fix if they determine the issue is truly a threat.
[via Android Community]