HTC Looks into Security Flaw Discovered by a Blogger
Not too long ago, a blogger discovered a security flaw in some of HTC’s mobile phones. The affected phones, the EVO 3D, EVO 4G, Thunderbolt, and possibly the Sensation, hold a user’s GPS location and e-mail addresses, which are accessible to anyone granted Internet permission. No login or password is required.
“HTC takes our customers’ security very seriously, and we are working to investigate this claim as quickly as possible,” the company said in a statement. “We will provide an update as soon as we’re able to determine the accuracy of the claim and what steps, if any, need to be taken.”
The file accessible through Internet sharing permission is called HtcLoggers.apk, and it contains a good deal of personal info. This includes:
• The list of user accounts, including email addresses
• A log of recent GPS locations
• Phone numbers taken from recent call logs
• SMS data, including recent numbers and encoded messages
• Active notifications in the notification bar, including notification text
• Build number, bootloader version, radio version, kernel version
• Network info, including IP addresses
• Full memory info
• CPU info
• File system info and free space on each partition
• Running processes
• Current snapshot/stacktrace of not only every running process but every running thread
• List of installed apps, including permissions used, user IDs, versions, and more
• System properties/variables
• Currently active broadcast listeners and history of past broadcasts received
• Currently active content providers
• Battery info and status, including charging/wake lock history
Trend Micro’s Rik Ferguson believes that the issue is not particularly difficult to solve and can be fixed in no time.
“It sounds like something very simple to patch,” he told the BBC.
“They didn’t anticipate that kind of information would be of interest. It’s a lack of foresight rather than lax programming, I think. It should be something relatively easy to fix.”
HTC’s not the first. Earlier this year, Apple faced Congress because of a similar concern. Apple was storing location data without users’ consent and fixed the issue with the iOS 4.3.3 Software Update. Android’s got its share of class action lawsuits as well for the same reason. The difference between the two, however, is that Apple’s devices store the information but don’t send it to Apple. Android, meanwhile, does. These issues boil down to the fact that GPS is a problem, and not knowing your privacy settings will only add to the injury.