HTC America has agreed to settle the charges brought against it by the US Federal Trade Commission (FTC). The FTC has been unhappy with the fact that the mobile device manufacturer has failed to properly secure the millions of devices it has sold.
HTC has agreed to release software patches to fix all the security holes and to establish a comprehensive security program. As part of this program, the company will address all security-related issues during the development phase of its devices.
In addition, it will be evaluated every other year by an independent security assessment body for the next 20 years.
According to the FTC’s complaint, HTC failed to provide its engineering staff proper security training, failed to establish a process for receiving vulnerability reports from third parties, failed to follow secure coding practices, and failed to test its software for security holes.
Besides the dangerous vulnerabilities that could have been leveraged by cybercriminals to install malware onto mobile devices, the FTC also found that the user manuals for Android phones contained “deceptive representations.”