The Federal Trade Commission announced today that it has settled charges that HTC America – a leading mobile hardware developer – failed to take appropriate steps to secure software it developed and installed on mobile devices running the Android and Windows operating systems.
The 8-page FTC complaint sets out a number of allegations regarding HTC’s security practices. According to the FTC, much of the conduct relates to HTC’s business decision to tweak or customize the operating systems installed in its devices. While this customization allowed HTC to differentiate itself from its rivals, it also created security vulnerabilities for consumers. The FTC alleges, among other things, that as consequence of HTC’s actions millions of devices were left open to malware attacks, “all without the user’s knowledge or consent.” The complaint ultimately concludes that because of the “potential exposure of sensitive information and sensitive device functionality through the security vulnerabilities in HTC mobile devices, consumers are at risk of financial and physical injury and other harm.”
The consent order entered into by HTC requires the company to develop and implement a comprehensive data security program, and prohibits it from making any false or misleading statements about the security and privacy of consumers’ data on HTC devices going forward. HTC is also ordered to develop and ship software patches to affected consumers to fix software vulnerabilities – a cutting edge remedy.
Also today, the FTC announced a public forum to take place on June 4th to discuss the consumer protection aspects of malware, viruses, and similar threats facing mobile device users.