When TrevE over at XDA discovered almost a week ago now that a handful of HTC devices had a security issue, he did the right thing and reported it immediately to HTC. While the tech world attempted to make it sound like the world was coming to an end, HTC confirmed this morning that NONE of their customers have had data stolen or have been affected by this issue.
With that said, they also confirm that the issue does exist and will get an update released immediately after carriers test it:
HTC takes claims related to the security of our products very seriously. In our ongoing investigation into this recent claim, we have concluded that while this HTC software itself does no harm to customers’ data, there is a vulnerability that could potentially be exploited by a malicious third-party application. A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability.
HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices. Following a short testing period by our carrier partners, the patch will be sent over-the-air to customers, who will be notified to download and install it. We urge all users to install the update promptly. During this time, as always, we strongly urge customers to use caution when downloading, using, installing and updating applications from untrusted sources.
Just as we said in our write-up of this story yesterday, this is not as big of a deal as you have been led to believe. Sure, it looks really bad on HTC’s part for missing something that could potentially be dangerous, but since it was found and reported in the proper way by TrevE, a fix is already on the way.
The only thing you have to worry about now, is how long it will take Verizon to find this fix acceptable and then begin to push it to Thunderbolts. In the mean time, we will remind you for the 100th time – do not download shady apps for shady markets and you should be fine.