HTC admitted yesterday that several of its devices, including the HTC EVO 4G and EVO 3D, were affected by yet another security bug, which allowed any app that requested access to WiFi permissions to read WiFi usernames, passwords, and SSIDs.
However, Google and HTC seem fairly certain that no confidential WiFi information has actually been compromised: this bug was first reported privately to both Google and HTC over four months ago, giving both companies more than enough time to find the problem and roll out software updates to fix it. Additionally, Google completed an in-depth scan of the entire Android Market and found that no apps made use of this particular exploit.
So while it's comforting to know that both the EVO 4G and EVO 3D have been patched, it's still disconcerting to discover that a bug like this existed in the first place. Props to HTC and Google for taking action, but let's try to not have a repeat, ok?
[Android Police] Thanks, Jenella and David!