HTC settles flimsy security charges with FTC

Handset maker promises to give customers more robust protections

The US arm of handset maker HTC has settled charges that it failed to properly secure customer handsets.

The US Federal Trade Commission (FTC) said that it had agreed to a deal which will settle claims that HTC America put users at risk by equipping handsets with inadequately protected software that contained multiple security vulnerabilities.

According to the FTC, the handset maker had introduced software components which, among other things, failed to adequately isolate sensitive user data and prevent applications from accessing critical components on the device.

Due to HTC's failure to secure its handsets, the FTC claimed that the company left millions of users vulnerable to malware attacks including data harvesting tools and premium-number dialers which subscribed users to pay services without their knowledge or consent.

Under the terms of the settlement, HTC will establish a secure development programme which will seek to catch and address the sort of vulnerabilities outlined in the FTC complaints before devices reach consumers.

Additionally, the Commission said that HTC will be implementing an organised patching programme to update handsets which may still be vulnerable to attack.

The FTC has been moving in recent months to made mobile security a top priority. Experts have have noted that the mobile malware market is booming, with new samples continuing to pile up in record numbers.

Late last year, the FTC issued an informal set of security and privacy guidelines aimed at mobile app developers.