The Federal Trade Commission announced Friday that it had settled charges that HTC America had inadequately secured its smartphones and tablets, leaving sensitive user information vulnerable to malicious programs.
Regulators said that HTC had modified the operating systems on its mobile devices, adding features that left customers vulnerable to applications that can secretly collect information such as call logs and location data. The case highlights growing concerns that the fractured nature of popular smartphone platforms, in which manufacturers customize Google’s and Microsoft’s operating systems, can leave an opening for hackers.
Many owners of HTC products received patches to plug security holes after the issues came to light in 2011. The company said in a statement Friday that it is working to update the rest of the phones.
The FTC declined to comment on whether it is investigating other handset makers over similar concerns, but said the case is just one piece of the agency’s look at mobile security and privacy issues.
Last month, the agency released guidelines for mobile app developers on the best ways to notify users about their data and privacy policies, and it has advised smartphone makers to think about ways to test, address and respond to security issues during the development process.
“It’s important that they think about security by design,” said Nithan Sannappa, an attorney in the FTC’s Bureau of Consumer Protection.
As part of the settlement, HTC America must establish a comprehensive security program. It is also prohibited from making false or misleading statements about its security.
The settlement is another blow for HTC as it fights to regain lost smartphone market share.
It was the first to offer an Android phone and once manufactured the most popular phones for the operating system. But the company’s market share has fallen steeply in the face of competition from Samsung and Apple.
At the end of 2012, HTC had 32 percent of the world’s smartphone market, down from 46 percent in 2011.