The US’ Federal Trade Commission has approved a final order settling charges that HTC America failed to take reasonable steps to secure its smartphone software.
Under the deal, the Taiwanese company will have to develop and release software patches to fix vulnerabilities in millions of their devices. Moreover, HTC is also required to establish a comprehensive security program to address security risks during the development of its devices and to undergo independent security assessments every other year for the next 20 years.
In addition, the settlement prohibits HTC America from making any false or misleading statements about the security and privacy of consumers’ data. Violations of the consent order may be subject to civil penalties of up to $16,000 per violation.
Among the vulnerabilities found in HTC’s devices are insecure implementation of two logging applications — Carrier IQ and HTC Loggers — as well as programming flaws that would allow third-party apps to bypass Android’s permission-based security system.
Needless to say, HTC along with its network operator partners are working to deploy the security patches as we speak…