In the past, G&E has pointed out some flaws in the software that HTC provides on the EVO line of devices. We've told you about Carrier IQ, the suspicious malware program that is included with all HTC EVOs by default. The concerns over Carrier IQ are still present, but now we have a new concern called HTCLoggers.
This may seem like a harmless .apk nestled in your /system/app folder; however, Trevor Eckhart (of Virus ROMs) has uncovered a scary vulnerability in this app. Keep reading for the full details and to see Eckhart's proof of concept app that shows what this vulnerability could lead to.
Here's the information at risk:
- the list of user accounts, including email addresses and sync status for each
- last known network and GPS locations and a limited previous history of locations
- phone numbers from the phone log
- SMS data, including phone numbers and encoded text
- system logs (both kernel/dmesg and app/logcat), which includes everything your running apps do and is likely to include email addresses, phone numbers, and other private info
Even more info collected by HTCLoggers can be intercepted by any app that has the android.permission.INTERNET permission. That means any game that posts your high scores or any app that displays ads can access this information.
This seems highly unlikely, right?
Well, that's where Eckhart's proof of concept app comes in (link to app here). This bad boy requests a single permission, INTERNET, and guess what it finds? Yep, all of that important information we thought it would find.
In the video above, Eckhart is able to access his GPS location and his ESN without any special permissions. He explicitly states that his app works in the foreground, allowing users to see what information is being collected. However, it would take "two seconds" to make this happen in the background and be sent to a web server for misuse.
I may not be the first, but I think it is time to call out HTC for being reckless with their data collecting. Not only is HTC over-collecting data that they probably don't need, but they are also making it very easy for almost any app to collect that same information. Hell, who knows what apps may already be stealing this information!
There are two real questions here. What is HTC going to do about this? And how do I get this app off of my EVO?
Question one better be answered soon. This is class action lawsuit worthy, HTC! We at G&E love the EVO, but we sure as hell don't like seeing our data go to whoever feels like having it.
Question two is not as easy as hitting "uninstall," but you can protect yourself. It requires three steps. Beginners may want to check out our glossary.
- Gain S-OFF (i.e., make your EVO rootable) for your HTC EVO 3D or HTC EVO 4G.
- Flash a ROM that does not contain Carrier IQ or HTCLoggers. Here's a tutorial for those who need it.
- Enjoy the safe world.
Picking a ROM is a tough decision, but you can always check the forums for the ROMs you are looking at because CIQ removal is usually noted in the original post.
What if you like stock and root scares you? Root shouldn't scare you – there are many reasons to root (including not having your data stolen). Two OG EVO ROMs that are very close to stock, Swagged Out Stock and Smooth 'N' Sexy, do not include this malware. There are also many choices out there for Sense 2.1/3.0 users. ROMs for the EVO 3D have started to remove this app as well, and of course, AOSP ROMs like CyanogenMod and MIUI do not include this app.
Alternatively, after gaining S-OFF on your EVO, you could grab Superuser from the Android Market. Then you can use an app like Root Explorer (or the free ES File Explorer) to remove HTCLoggers manually (the file is located in the /system/app folder of your phone's internal memory, not your SD card). However, this will not remove Carrier IQ, which still sends private data to HTC.
Whichever method you choose, you will be safe from the HTCLoggers vulnerability. Above is a screenshot from my HTC EVO 4G running Swagged Out Stock. As you can see, there is no com.htc.loggers folder in /data/data. This means that there are no logs that apps can access and, thus, my EVO is safe.
Is your EVO safe?
Also, be sure to head over to /system/lib to remove the libhtc_loggers.so lib file. Also, go to /data/data and delete the com.htc.loggers folder. If you go to /data/data and do not see any files, your root file explorer app does not have root permissions. Fix that
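
The manual cleanup described above can be checked with a small audit script. This is an added example, not code from the original article or from Trevor Eckhart; the three locations come from the article, while the function name `check_htcloggers`, its root-prefix argument and the case-insensitive APK name match are assumptions.

```shell
#!/bin/sh
# Added example: audit a filesystem tree for the HTCLoggers leftovers the
# article names. Pass "/" in a root shell on the phone, or the directory of
# an extracted ROM. Function name and argument are assumptions of this example.
# Returns 0 = nothing found, 1 = artifacts found, 2 = could not verify.
check_htcloggers() {
    root="${1%/}"          # "/" becomes "" so the paths below stay absolute
    found=0
    unknown=0

    # 1. APK in /system/app. The exact file name is an assumption, so match
    #    case-insensitively; this also catches renamed copies (e.g. *.apk.bak).
    for f in "$root"/system/app/*; do
        [ -e "$f" ] || continue
        case "$(basename "$f" | tr 'A-Z' 'a-z')" in
            *htclogger*) echo "FOUND apk:  $f"; found=1 ;;
        esac
    done

    # 2. Native library in /system/lib.
    if [ -e "$root/system/lib/libhtc_loggers.so" ]; then
        echo "FOUND lib:  $root/system/lib/libhtc_loggers.so"; found=1
    fi

    # 3. Collected logs in /data/data. Without root this directory cannot be
    #    listed and looks empty, which must not be reported as clean.
    datadir="$root/data/data"
    set -- "$datadir"/*
    if [ -e "$datadir/com.htc.loggers" ]; then
        echo "FOUND data: $datadir/com.htc.loggers"; found=1
    elif [ ! -r "$datadir" ] || [ ! -e "$1" ]; then
        echo "UNKNOWN:    cannot list $datadir (no root access?)"; unknown=1
    fi

    if [ "$found" -eq 1 ]; then return 1; fi
    if [ "$unknown" -eq 1 ]; then return 2; fi
    return 0
}

# Run only when a path is given on the command line.
if [ $# -gt 0 ]; then check_htcloggers "$1"; fi
```

A return code of 2 corresponds to the empty-looking /data/data case the article warns about: the check could not be completed, so the result is not a clean bill of health.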

amazing… good thing I rooted about a month ago! But who knows who figured this out prior and was abusing it?
I used Root Explorer to rename the htcloggers.apk to htclogger.apk.bak instead of deleting it as a safety measure. The device immediately went into a force close loop for com.htc.loggers. I had to pull the battery to restart the phone. Once I restarted everything was running smoothly.
Thanks for the tip!
This affects the evo 3d too!!!
HTC had better throw 3d users a bone and us a full unlock so we can easily switch to freezas Cid/logging disabled kernels! What a bad time to have a tightly locked bootloader!!
Recommendation: cleanrom 2.5. I use freeza’s kernel instead of the included one. It is better for my phone.
This is pretty bad stuff from HTC. But unfortunately, I would expect a patch from them/Sprint anytime soon to fix it.
Glad that I’m running a custom ROM that has taken all of this crap out. I’ve really enjoyed using HTC products, but this certainly shakes my confidence in them. Are Samsung and Motorola phones suffering similar security issues?
Thanks for the article. I’m sure HTC and Sprint had no idea about this, and if they did, they would have Notified us Immediately. After all, our Privacy is of the utmost Importance to them!
Now back to Reality. I’m glad I’m Rooted, and running a custom ROM!!
Nowhere it says anything about using Titanium Backup….
but here is what i did anyways… someone tell me if this won't work..
i froze the app in question with Titanium backup…
then i used root explorer and renamed the HTClogger.apk to DieHTClogger.apk
at that point the htcloggers app force closed and i was fine…
i know it makes no sense to freeze the app before i renamed it… but i figured if that piece of software is somehow back after i install any future updates, if it comes back, that it would not launch…
I’m glad I have entrusted Sprint & Google with my information, even tho you sold our information to government and private contractors and the such and we are being tracked with spy tech, thanks from all of us to the one world government, I like the front-facing camera u can always see me …ps can you get your knife out my back …thanks in advance
Hats off to Trevor!
I’m wondering if the HTC announcement a month or so ago regarding Registering your device in order to Root, would still enable HTCLoggers to operate, whereas when you Root on your own, and install a custom ROM, it disables it.
If so, this may be one of the reasons HTC and/or Sprint wanted you to ‘register’ your device, because they would have a way to keep HTCLoggers active. I’m not sure this is even possible, which is why I’m just throwing out the idea.
Want to make this clear. This is specific to newer HTC phones. It is part of Sense. So if you’re using AOSP, you’re good. Be sure to warn your Thunderbolt and Sensation using friends as well. (i.e. This is not specific to Sprint, only HTC)
Using these methods will stop further data collection. However, it should be noted that you should head over to /data/data and remove the /com.htc.loggers folder. This is important!
Jeez Louise…this is a bummer. I’d root, but I am so, so scared of bricking my phone I’m terrified to even try.
Sucks. (And, I’m an idiot when it comes to technology. I’ve looked at some of the tutorials. Still waaaaaaaaaaaaaay too far over my head.)
Wait a sec, based on how this works, technically, could someone connect to the open port on your phone and pull this data? (if they knew your IP)
“someone” meaning someone over the internet/wifi
Think you would need an app with specific malicious code embedded in the app. But it appears possible.
Probably people who crack paid apps and repack them. I’ve seen an instance of a downloaded app wanting a lot more permissions than its free trial version. Needless to say, I stay away from them now.
What about the file system/lib/libhtc_loggers.so? Should that be removed too?
May not be necessary. But since you removed the app, this lib is useless. So yes, delete it.
Wonder if they can tell I shattered my Evo yesterday, have a case on it for over a year then take it off for a day and BAM!
what makes me think this though, is when I use the app on my phone(my ROM does not have the htc logger), I get an error, 127.0.0.1, connection refused. Which makes me think it uses tcp/ip to pull the data. So if htc logger allows non-local connections… ummm, even avoiding all apps that have the internet permission will not protect you.
Anyone with htc logger on their phone want to test this?
I am running MikG. There is nothing at all in /data.
/system/HTCLoggers does not exist.
I can only assume (but am checking to confirm) that the ROM developer kindly kept this out of the mix.
A nice solid blob of modeling clay stuffed into the front-facing camera hole of my Evo’s case works nicely.
Unfortunate that our increasingly technological lives raise the level of mistrust and make necessary precautions to protect privacy and basic human rights.
/data/data is empty, what does that mean?
Does anyone know if Fresh has these installed/enabled?
Everyone take this moment to read up on this information because this will help all of our evo family of device owners. Regardless of this mistake, which is all it is, htc will be sending an update to deal with this problem. Let’s educate ourselves.. http://m.androidcentral.com/htc-collecting-data-us-phones-htc-sense-storing-it-very-sloppy-way-security?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+androidcentral+%28Android+Central%29
It means your root file explorer does not have root permissions. Fix that
Can’t access the camera, just your personal info and location. Although if HTC keeps leaving holes open like this, then the cameras may be next :O
hmm… my wife has the evo 4g shift. I told her not to download anymore apps or update her apps just in case. Not that will provide any protection if her phone is compromised, but heck.. I’ve never seen a method to root the evo 4g shift. I rooted my evo4g with the swagged. happy. What do you think is the best course of action until some sort of official patch is released? Turn off the phone, store up food and ammo?
I didn’t read the whole diatribe in the link, but it sounds like the same BS we all heard from an HTC rep on this site regarding Carrier IQ.
Funny how First it takes some really smart people to find out about this and Carrier IQ, and then HTC goes into their PR BS mode, after the cat’s outta the bag.
Btw, many of us have taken care of their ‘mistake’ already, or are in the process of doing so Ourselves.
HTCLoggers is a part of Sense. Whichever way you go to unlock bootloader (revolutionary.io for early hboot or htcdev for hboot 1.50), Sense is still installed and you’re running 3 separate programs that track everything.
If you flash a new ROM you get rid of ‘em… although with the htcdev route you’re stuck with the stock kernel, which might have something in it… dunno
can’t access the camera “yet” – as far as we know you can get the program to execute arbitrary code at elevated privileges as, well, they left all the other doors open.
I’d say root the EVO 4G shift: http://forum.xda-developers.com/showthread.php?t=932153
Perm root appears to have been out for 10 months now.
Done, done and done! All compromised files deleted. Another huge benefit of being rooted
Root ftw!
I read the whole link.
I see HTC didn’t respond to this Disturbing Issue yet. The Propaganda Machine needs time to be put into motion. We’ll see if they learned anything from the BS response about Carrier IQ.
Opt Out, but you’re really In, and the data is not encrypted, etc. Yeah, just a mistake. I have my doubts, because a company like HTC is not that stupid, including their engineers, software writers, programmers, CEO, etc., etc., etc.
BREAKING NEWS!!! SPRINT OWNER DAN HESSE HAS PAID APPLE…20..BILLION DOLLARS FOR EXCLUSIVE RIGHTS TO THE IPHONE5.. IM SOOO FUCKN PISSED NOW CUH I SEE HOW THIS IS GONNA TURN OUT FOR US EVO USERS…GUESS IT’S TIME TO JUMP SHIP..HERE’S THE LINK TO THE ARTICLE.. IT’S SAD TO SEE HOW SPRINT DOESN’T BELIEVE IN THE EVO FRANCHISE…. http://www.pcmag.com/article2/0,2817,2394047,00.asp#fbid=8IyMXsLSoIK
For those worried about root I rooted my Evo a few days after release and overclocked it to 1.19 it has worked perfect. I tried different kernels to try to get it to run at 1.2 but no luck but big deal not any difference but I do know it is running as fast as it can. It has only crashed a few times in the FLA sun at a 110+ heat index again no big deal my brain falters right along with it! It is working harder than me blasting streamed music to my bluetooth headset. I can remedy that by setting a filter to declock it in set cpu. By the way CalKulin roms are clean of those files
Forgot to thank you for a great article. I saw it somewhere else earlier but no details. I had planned on researching, but with your good work I can have a beer instead. Thanks
Ah…. the kernel, that is the unknown factor?
Thanks for that.
Many of us thought Sprint and Hesse starting to take us to the cleaners had something to do with Apple and Jobs.
Now we have proof.
I try to stay away from apple as far as I can, now Hesse throws it in our faces!!
Hey, LightSquared is paying 20 Billion to Hesse, and Hesse gives 20 Billion to Jobs…… Hmmmm…
I switched to Swagged Out Stock from rooted stock and the files were still there. Had to manually delete them.
If you grabbed version 1.9.0.0 from the forums, yeah that still has loggers. A new version will be posted in a week. Or you can grab it now from xda. Search xda swagged out.
I saw the article the other day about the HTC announcement regarding this breach of trust.
I stand by my previous comment, and the BS Propaganda Machine is in Full Operation once again.
question: does removing my loggers (as stated above & i have done), make my phone constantly ask me to choose between the sense launcher & go launcher ex? ’cause it does; i check to make go launcher my default & it still does it. anybody else? advice?
thank you.
p.s. i also get the htc.loggers force close pop-up…that’s normal, right?