As I was browsing on my HTC Windows phone, looking at recent news stories related to privacy, what should I come across but an article written a few days before about FTC charges against none other than the maker of my phone, HTC. It turns out that this case represents the FTC's first case against a mobile device maker!
HTC America, Inc. is one of the leading manufacturers of smartphones that use the Android, Windows Mobile, and Windows Phone operating systems. HTC makes over 18 million of these smartphones, making it one of the largest sellers of smartphones in the United States. The FTC charged the manufacturing company with failing to employ reasonable and appropriate security practices in the design and customization of software on its mobile devices and with engaging in unfair or deceptive trade practices in violation of the Federal Trade Commission Act, 15 U.S.C. Section 45(a).
Apparently HTC had used software in its Android and Windows phones in ways that allowed third party applications to install software that could be used to steal personal information, send malicious text messages without the consent of the user, and even use the device's microphone to record the user's phone calls. According to the FTC's business blog, the company failed to design its products with security in mind. "For example, HTC didn't test the software on its mobile devices for potential security vulnerabilities, didn't follow commonly acceptable secure coding practices, and didn't even respond when warned about flaws in its devices." HTC used "logging applications" that allowed third-party applications to access users' phone numbers, browsing histories, keys pressed, contacts' numbers, and other information. The Android operating system had in place security measures which asked permission to share specifically stated personal information with a third part application before the user downloaded that app. But because HTC pre-installed apps with no option to remove, the product undermined security measures that were supposed to be in place. The FTC's business blog says that HTC pre-installed a custom voice recorder app which could give any third-party app access to the microphone even without permission. This poses the danger of phone conversations being recorded or location being tracked all without knowledge or permission of the user.
According to the FTC, HTC did not employ reasonable and appropriate security practices in designing the software and that these practices were likely to cause (or have already caused substantial injury to consumers that is not offset by countervailing benefit and it therefore an unfair act or practice. Additionally, because the manuals for the HTC Android-based devices represented that information would be protected through the Android permission-based security model when that is not necessarily the case, the HTC's representation was false or misleading. Finally, because HTC represented that in the error report application location would not be added without permission when this was not always the case, this representation was also false or misleading. These unfair acts, according to the FTC, were in violation of the FTCA.
HTC recently settled with the FTC and has agreed to establish a comprehensive security program, cease making false and misleading statements about the security and privacy of user data, and also to deploy security patches to supplement the security on HTC phones affected by the settlement.
This was all very interesting to me as I was using my Windows based HTC phone. I do not know whether or how much these security breaches impact me or the use of my phone, but the unquestioning security I once felt while engaging in phone conversations or while entering my financial information for online purchases has been shaken. I think that from now on I will be more aware of the electronics I use and pay closer attention to the manual. But if we as consumers are being lied to by the makers of the products we most rely on, how can we adequately protect our personal information?
No comments:
Post a Comment