HTC Settles with FTC Over Security
The U.S. Federal Trade Commission today revealed that HTC Americas has settled with the government agency over complaints that it failed to take adequate measures to secure its devices from third-party programs. Under the terms of the settlement, HTC has agreed to develop a software patch for all the affected devices (millions of smartphones and tablets) within 30 days, to develop an in-house security program to prevent future breaches, and to be audited by the FTC over its security protocols every other year for the next 20 years. According to the FTC, HTC "failed to provide its engineering staff with adequate security training, failed to review or test the software on its mobile devices for potential security vulnerabilities, failed to follow well-known and commonly accepted secure coding practices, and failed to establish a process for receiving and addressing vulnerability reports from third parties." The software patches will be distributed by both HTC and its network operator partners.