The Federal Trade Commission said HTC has agreed to settle charges that the Taiwanese phone-maker did not take the steps necessary to secure software used in millions of its smartphones and tablets.
Under the settlement announced Friday morning, HTC agreed to develop and install software patches to fix the vulnerability. The FTC charged that flaws in HTC's software and in the company's practices placed sensitive consumer information at risk of being exposed.
The federal agency said HTC did not properly train its employees, assess the security in its software, or have a process by which users, researchers and academics could notify the company of security issues.
This led the company to introduce its phones with "numerous security vulnerabilities" until at least November 2011, the FTC said.
"Due to these vulnerabilities...millions of HTC devices compromised sensitive device functionality, potentially permitting malicious applications to send text messages, record audio, and even install additional malware onto a consumer’s device, all without the user’s knowledge or consent," the FTC said in a statement.