HTC admits enormous security cock-up -

Taiwanese smartphone maker HTC has admitted there are serious security flaws in a range of its devices. 

Following the Android Police's work in unearthing a slew of serious potential exploits, HTC said in a statement that its users must exercise caution. It claims to have concluded the "HTC software itself does no harm to customers' data," that there "is a vulnerability that could potentially be exploited by a malicious third-party application".

The worry highlighted by the Android Police is that HTC seems to have put the tracking capabilities into its devices in the first place. As a result, by leaving cracks in the nuts and bolts, an interested malicious third party could get access to phone logs, emails, and even encrypted SMS messages - with a possibility of breaking them wide open.

"So far," HTC reassures customers, "we have not learned of any customers being affected in this way and would like to prevent it by making sure all customers are aware of this potential vulnerability."

HTC is refusing to provide users with a time frame, and until the update is released, urges customers to exercise extra caution. It promises that it's already working on an update, and that there will be a "short testing period by our carrier partners" before the patch is sent out. They will then be told they'd better download the patch, ignoring it at their peril. 

A warning, then, to remain wary of "untrusted" sources for applications and to monitor your device carefully.