An urgent update for some HTC smartphones is to be released soon, following the discovery of a vulnerability that could share sensitive user information with malicious app developers.
Users' GPS location history, call logs, SMS data and email accounts could be obtained by malicious applications when they ask for access to the internet - a common request from legitimate apps; the flaw was found by The Android Police blog.
A spokesperson said: "HTC is working very diligently to quickly release a security update that will resolve the issue on affected devices.
"A third party malware app exploiting this or any other vulnerability would potentially be acting in violation of civil and criminal laws. So far, we have not learned of any customers being affected in this way and would like to prevent it be making sure all customers are aware of this potential vulnerability."
The patch will be released shortly, once it has been thoroughly tested by HTC, and will be pushed over the air to affected users like a regular software update.
HTC has not yet confirmed which models of phone are at risk, but, according to the BBC, it is understood that the EVO 3D, EVO 4G, Thunderbolt and potentially the Sensation range are all susceptible to the problem.
Rogue apps can gain access to a certain file, which contains all of the personal information listed above. This sensitive information is then sent to the application servers, and potentially back to the app developer.
HTC added: "In our on-going investigating into this recent claim, we have concluded that while this HTC software itself does no harm to customers' data, there is a vulnerability that could potentially be exploited by a malicious third-party application."