HTC phones security flaw; EVO, Thunderbolt & others
Any installed app that has “Full Internet Access” permissions (which you would think is most if not all apps as they typically use a Net connection for their functionality) also has access to a lot what we might regard as private data including phone and sms log data (including phone numbers)
Many HTC phones have been identified as affected, including EVO 4G, EVO 3D, Thunderbolt, and Shift. Other HTC phones may be vulnerable too but that has not been confirmed. You can get in-depth technical information from “Android Police“
Right now there is no patch or workaround. My recommendation is that you only install or run “name brand” apps that wouldn’t unnecessarily have an interest in violating your privacy
via bbc.co.uk