Bill Ray writes:
A data logger pushed out by HTC to Android handsets has opened up a vulnerability allowing any app with internet permissions to access private customer information.
The vulnerability was spotted by Trevor Eckhart, who informed HTC about it and waited five days for a response. Following that he decided to go public and gave Android Police the details along with demonstration code and a video showing how an application that is supposed to see almost nothing can now see almost everything.
Read more on The Register.