HTC agreed to a settlement with the FTC on Friday on charges that the company… (David Chang/EPA )
The Federal Trade Commission said HTC has agreed to settle charges that the Taiwanese phone-maker did not take the steps necessary to secure software used in millions of its smartphones and tablets.
Under the settlement announced Friday morning, HTC agreed to develop and install software patches to fix the vulnerability. The FTC charged that flaws in HTC's software and in the company's practices placed sensitive consumer information at risk of being exposed.
The federal agency said HTC did not properly train its employees, assess the security in its software, or have a process by which users, researchers and academics could notify the company of security issues.
This led the company to introduce its phones with "numerous security vulnerabilities" until at least November 2011, the FTC said.
PHOTOS: Tech we want to see in 2013
"Due to these vulnerabilities...millions of HTC devices compromised sensitive device functionality, potentially permitting malicious applications to send text messages, record audio, and even install additional malware onto a consumer’s device, all without the user’s knowledge or consent," the FTC said in a statement.
As part of the settlement, HTC is also required to start a comprehensive security program that will help it identify possible security risks in future devices. Independent security assessments will also be done on HTC every other year for the next 20 years.
HTC said it was committed to improving its practices to better protect user data.
"Working with our carrier partners, we have addressed the identified security vulnerabilities on the majority of devices in the U.S. released after December 2010," HTC said in a statement. "We're working to roll out the remaining software updates now and recommend customers download them once available."
3-D printing pen raises more than $1 million on Kickstarter
Google in talks with Warby Parker for its glasses [video chat]
Twitter, Tumblr, Pinterest user information exposed in hack attack