Regarding HTC Android Devices (EVO 3D, 4G, Thunderbolt, Others):
In recent updates to some of its devices, HTC introduces a suite of logging tools that collected information. Lots of information.
Currently, any app that requests a single
android.permission.INTERNET
(which is normal for any app that connects to the web or shows ads) can get its hands on:
- the list of user accounts, including email addresses and sync status for each
- last known network and GPS locations and a limited previous history of locations
- phone numbers from the phone log
- SMS data, including phone numbers and encoded text (not sure yet if it’s possible to decode it, but very likely)
- system logs (both kernel/dmesg and app/logcat), which includes everything your running apps do and is likely to include email addresses, phone numbers, and other private info
Ouch.