This post has been updated.
A researcher has found a potential security flaw in popular HTC smartphones that exposes sensitive user data, including emails, text messages and GPS locations.
The flaw found by security researcher Trevor Eckhart affects users of the HTC Thunderbolt and the HTC EVO 3D and 4G, among others, which run on the Android operating system. Eckhart found that a new software update issued by the company installs an application that collects user data and shares that data with other Android applications on the phone with Internet access.
"It's like leaving your keys under the mat and expecting nobody who finds them to unlock the door," Artem Russakovskii wrote on the security blog Android Police.
In a statement, an HTC spokeswoman said the company "takes our customers' security very seriously, and we are working to investigate this claim as quickly as possible. We will provide an update as soon as we're able to determine the accuracy of the claim and what steps, if any, need to be taken."
In July, the Taiwanese cellphone maker reported that second-quarter profit and revenue more than doubled from the previous year. HTC Thunderbolt was outselling Apple's popular iPhone 4 in many Verizon store locations, BTIG analyst Walter Piecyk said in March.
Eckhart's finding is just the latest in a string of potential vulnerabilities discovered in mobile devices. Last week, the tech blog BGR.com revealed a security flaw that allows users to bypass the password that locks AT&T's Samsung Galaxy SII smartphone.
In recent months, security experts have expressed particular concern with Google's Android operation system. In May, researchers in Germany found that users running Android versions 2.3.3 or lower could be vulnerable to hackers who access unencrypted Wi-Fi networks to view their calendars, photos and contacts.
Last month, the security firm McAfee reported that Google's Android operating system was the most popular target for mobile malware developers during the second quarter of this year. Meanwhile, the security firm Symantec released a white paper in June that noted that Google's model for vetting apps on Android devices was "less rigorous and consequently, less secure" than Apple's iOS platform.
Updated to include a statement from HTC.