The FTC settled its claims that HTC sold millions of mobile devices using the Droid and Microsoft software because the devices were not secure. The FTC’s Complaint specifically identified “potential exposure of sensitive information and sensitive device functionality through the security vulnerabilities in HTC mobile devices, consumers are at risk of financial and physical injury and other harm,” and among other things:
...malware placed on consumers’ devices without their permission could be used to record and transmit information entered into or stored on the device, including financial account numbers and related access codes or personal identification numbers, medical information, and personal information such as text messages and photos.
Sensitive information exposed on the devices could be used, for example, to target spear-phishing campaigns, physically track or stalk individuals, and perpetrate fraud, resulting in costly bills to the consumer.
Misuse of sensitive device functionality such as the device’s audio recording feature would allow hackers to capture private details of an individual’s life.
The NY Times reported that this was “first attempt by the commission to police a manufacturer of mobile devices.”
The FTC has invited interested parties to submit comments about the settlement through March 22, 2013, so it remains to be seen if HTC is out of the woods on the security problems.