Smartphone manufacturer HTC has agreed to settle Federal Trade Commission (FTC) charges that the firm failed to take "reasonable steps" to patch security vulnerabilities in its products, thus putting information belonging to millions of customers at risk.
The United States FTC exists to "prevent business practices that are anticompetitive or deceptive or unfair to consumers".
The settlement requires HTC to release the appropriate software patches to plug potential vulnerabilities in millions of its smartphones. It also states HTC needs to "establish a comprehensive security program designed to address security risks during the development of HTC devices and to undergo independent security assessments every other year for the next 20 years."
The settlement follows the discovery of several vulnerabilities on HTC devices, including the insecure implementation of two third-party logging applications - Carrier IQ and HTC Loggers - used to track users in order to improve location-based services. The FTC also noted that programming flaws could allow third-party applications to bypass Android's security permissions.
According to the FTC, these vulnerabilities compromised HTC devices, permitting malicious applications to send text messages, record audio, and install additional malware onto devices without the knowledge of the user, potentially compromising sensitive data such as bank details or medical information.
HTC is already working on patches to comply with the FTC settlement. Devices running Android 4.0 or above are not affected by the security issues.
"Privacy and security are important, and we are committed to improving practices that help safeguard our customers' devices and data," said an HTC statement.
"Working with our carrier partners, we have addressed the identified security vulnerabilities on the majority of devices in the US released after December 2010. We're working to rollout the remaining software updates now and recommend customers download them once available."