HTC America, a maker of smartphones and tablets that use Android and Windows software, has agreed to settle a U.S. regulator's charges it failed to take adequate steps to eliminate security flaws that put users' data at risk.
The Federal Trade Commission said in a statement on Friday that HTC America, a subsidiary of HTC Corp in Taiwan, made millions of phones with programming flaws that allowed third-party applications to evade Android's permission-based security model.
This means that the Android operating system, which normally requires users be provided notice if sensitive data is given to third parties like data brokers, was prevented from giving notice to users, according to the FTC.
Sensitive data includes location or the contents of text messages.
"HTC America failed to provide its engineering staff with adequate security training, failed to review or test the software on its mobile devices for potential security vulnerabilities (and) failed to follow well-known and commonly accepted secure coding practices," the FTC statement said.
The settlement requires the company to establish a comprehensive security program and patch the software holes, the FTC said.
HTC spokeswoman Sally Julien said the company, working with carrier partners, has addressed the identified security issues on majority of devices released in the United States after December 2010.
"We're working to rollout the remaining software updates now and recommend customers download them once available," she said.
In a Twitter question-and-answer session following the news, the FTC said while this was not the first case on data security unfairness, it was the first that dealt with software security.
(Reporting By Diane Bartz and Alina Selyukh; Editing by Grant McCool)
Copyright 2012 Thomson Reuters. All rights reserved.