HTC to Fix Mobile Device Security Flaws in FTC Settlement

HTC America Inc. must develop and release software patches to fix vulnerabilities found in millions of smartphones and tablet computers under a settlement announced today with the U.S. Federal Trade Commission.

The vulnerabilities placed sensitive information about millions of consumers at risk and potentially permitted malicious applications to send text messages, record audio and install additional malware without a user’s knowledge or consent, according to an FTC news release.

Malware placed on devices could be used to record and transmit information entered into devices, including financial account data and calendar entries, or get access to a user’s location, the commission said.

“We have addressed the identified security vulnerabilities on the majority of devices in the U.S.,” HTC said in an e-mailed statement. “We’re working to roll out the remaining software updates now and recommend customers download them once available.”

HTC America is the U.S. unit of HTC Corp., a Taoyuan, Taiwan-based handset maker that was the top maker of smartphones in the U.S. in the third quarter of 2011 before it lost market share to Apple Inc. and Samsung Electronics Co. It dropped off the list of the world’s five biggest smartphone vendors in the three months ended December.

The settlement requires HTC America to establish a comprehensive security program and undergo independent security assessments every other year for the next 20 years. HTC America and its partners are in the process of deploying the security patches required by the settlement, the FTC said.

It also prohibits the company from making false or misleading statements about consumer data security and privacy on HTC devices, according to the FTC release.

Before it's here, it's on the Bloomberg Terminal.