HTC Wi-Fi Security Flaw Highlight Android Concerns

The flaw in certain HTC Android phones can expose Wi-Fi passwords and leak user information, but HTC says it found a fix.

Through the hole, users' Wi-Fi credentials are vulnerable to any program with basic Wi-Fi permissions. From there, an application designed with data-grabbing permissions could absorb stored information like user names and passwords, and send it to a third-party. No users so far reported any issues with leaked information.

The HTC weakness was first discovered by security researchers Chris Hessing and Bret Jordan back in September 2011, and HTC released its statement on the fix on Tuesday.

The mobile security breach signals nearly all top-tier manufacturers and software makers are still grappling with security issues.

In an age when smartphone users often store sensitive information on their phones, potential for leaked personal information is a disturbing thought. The HTC Wi-Fi issue is the most recent instance of potential data leakage, but it's not the first time HTC and Android have experienced security concerns.

But as word begins to spread about such leaks, it could push consumers away from using HTC and Android. Android's reputation could suffer as news of security flaws build, which will likely hinder Android phone makers, especially as they try to make inroads in the security-conscious enterprise market.

And in a search for a more trusted device, they may wander over to main competitor Apple. The iPhone's iOS has garnered acclaim for its security. Since the same company is in charge of software and hardware, security gap possibilities are reduced or easily resolved.

In the HTC security flaw, affected devices include: Desire HD, both "Ace" and "Spade" board revisions (versions FRG83D, GRI40); Glacier (version FRG83); Droid Incredible (version FRF91); Thunderbolt 4G (version FRG83D); Sensation Z710e (version GRI40); Sensation 4G (version GRI40); Desire S (version GRI40); EVO 3D (version GRI40); EVO 4G (version GRI40).

After discovering the problem, Hessing and Jordan worked with vendors in a series of conference calls to develop a response and helped craft a public disclosure timeline. Google made changes to the Android code to better protect saved information, and HTC distributed an update.

Most phones received the fix through regular updates, but some phones will need to have the fix manually downloaded, according to HTC. The manufacturer doesn't specify which devices need manual installation, but says there will be more information on its support site next week.

As more devices hit the market from top companies focusing on besting competition with the latest feature, concern grows that this race to the shelves is at the cost of data security.