June must be the month when privacy issues leave their hibernation and return to trouble our fragile minds. First we had Flash
going loco, then AT&T's airwaves exploded with
iPad users' email addresses, iPhone 4 pre-orders started
sending people to the wrong account, and now this.
Boy Genius Report has come across a rather worrying "feature" of the HTC Sense bookmarking widget on the Incredible, which takes sporadic screenshots of your browsing sessions. That wouldn't be so bothersome in itself, but try to remove said pictures, and you find where the problem lies. Ending the browsing session, deleting your history, and even a
full reset to factory settings failed to eviscerate the indiscreet imagery. You have to manually discover their location and delete them by hand. Considering the high likelihood of
Incredibles being sold and resold for years to come, this could turn the phone into a little cache of treasure for the proactive identity thief. And since it's a Sense issue, it might be affecting other HTC handsets as well. Wunderbar.
posted June 17th 2010 3:22AM
Wow... Full factory reset and still there? That is one hell of a privacy issue alright.
@Shanebenn
Screen shots that show your user name and some dots for the password. Scandal I say!
Seriously, it's a big privacy concern, but don't think for a second that any malicious person could possibly do evil things with this. Please just name one.
@Mike10010100
I just checked this on my desire. It saves them to the SD card which is why a factory reset does nothing but you would format or remove the SD card when you sell it anyway. So this isn't an issue.
This article is stupid.
@Shanebenn
the entire point of factory reset is to delete everything in the internal memory and restore it to its original factory built settings. I guess HTC needs to learn how to implement such a basic feature.
@ratchetnclank
Wow. I mean, wow. Seriously? WTF? It saves it to an external SD card which you would keep, and doesn't even provide any useful information.
Wow. Way to overblow a situation, Engadget. News must be slow at 3:30 on a Thursday morning.
@ratchetnclank Well, the fact that it's saving them might be an issue enough, even if they were taking the wrong steps to correct the measure. Honestly, I was a bit surprised this was a Sense thing, when I read it I thought "Oh, God Google. What have you done now?" Thankfully, this ain't their shitstorm because I'm a bit of a fan of the big G.
@ratchetnclank
oh is it? the original article says that it saves them to the internal storage. If its the sd card then obviously the factory reset wont delete it.
@ratchetnclank
yet, this "feature" shouldn't be there in first place
@ssguy
Good thing it DOES delete all internal data. Stored on SD card for a reason.
@qbgabe12
Why shouldn't it? I like visual bookmarks from the last session. It makes the websites look updated and current.
@ratchetnclank I have a desire too, there's a .bookmark_thumb1 directory on the sdcard that can be deleted with a file manager if you want to. don't think this is actually a privacy matter, because the information is still on MY phone/sdcard, unlike the emails/ordering information mentioned earlier.
@Mike10010100
my bad... the article said that its the internal storage. wtf engadget atleast test it out b4 posting.
@Mike10010100 Hold your horses there. BGR reports the data's saved to internal memory on the Incredible.
@ssguy
And of course, without an edit button, I was unable to correct my harshly worded response after you posted again. Sorry.
@ssguy And the point of a SD card on a Android device is to save photos/music/videos/etc. So if by any issue you have to do a factory reset you rather loose everything you have, including your docs/MP3's/wtv, then just reload the default settings and keep your things?
@Shanebenn What a spectacular FUD article. No problem here, move along please.
@ssguy test what out? I think you should just read the article thoroughly before posting misleading information.
Where's Lord Vader commenting on how he "Senses" a disturbance in the Force?
@ssguy its on the sd card, and infact it appears in the gallery too, so you can delete them from there.
what a fuss over nothing
@RincewindWiz You're saying you've verified the particular behavior doesn't occur on your Droid Incredible? Because most of the 'debunking' going on here is based on people citing experience with their Desire or some other HTC handset.
@Vlad Savov
Wait... Doesn't Android read the Droid Incredible's internal memory as an SD card or expansion slot? Maybe that's why formatting doesn't delete these screenshots?
Just throwing that out there. Please correct me if I'm wrong.
@ratchetnclank
What if you remove the card. Where does it save them then and will a reset empty the 'other' place?
@juanvaldez what are you talking about every phone caches stuff some different methods than others but all none the less
@MastrCake Every Android phone with HTC sense comes with roise bookmark widget, that put's a widget on your home screen where you can see your favorite bookmarks, making it easy and faster to access them. The screenshots are only taken when you bookmark a page on your browser so you can have visual bookmarks like this:
http://phandroid.com/wp-content/uploads/2009/06/rosie-bookmarks-widget.jpg
Those screenshots are saved for the SD card, and a factory reset will never delete the content of your SD card. That's why those screenshots will never be deleted with a factory reset, but you can easily delete them using Astro explorer or pretty much any other app that allows you to browse your SD card. There's no issue here.
@Shanebenn How is the guy saying it saves it to your SD card and you dont sell it with that high ranked? Have you all gotten dumber overnight? follow the source link... It saves it to the internal memory, not the external memory as most android phones do. So it doesnt matter if you take the SD card out when you sell they are getting your browser history screenshots.
@Shanebenn
HTC. Quietly informant.
just to clear some of the confusion: the internal memory is called "sd" on android, which is why it's being confused with the external sd card so often
both of these are meant for the same thing - storing your stuff (music, photos, porn, browser bookmark screenshots, whatever) and neither are formatted with a factory reset
this thing is a non-issue - in fact it's a much appreciated feature
bgr wrote an ignorant sensationalist article and engadget unfortunately bought in to it
@Shanebenn
Someone with a Droid Incredible test this out- if it's on the SD card- nothing to worry about.
If it's not, still nothing to worry about, but will make deleting them much more annoying.
@Shanebenn I just tested it on the Incredible, it saves the screenshots to the SD card to a folder called bookmark_thumb1
@DeuX
Alright, thanks DeuX. You just cleared everything up.
Engadget should update this article now.
@DeuX
Aaaaaand there we go. Proof. Everybody happy? Excellent. Let's get back to some legitimate issues.
@Pickaxe
i did read the article which said its stored on the internal memory and posted a comment. But people who actually own the phone are saying that its stored on the sd card which is not an issue. So I reposted saying that engadget should have atleast tried it out with the Droid Incredible or any other Android phone with Sense UI. I m sure atleast one of em has an HTC Android phone.
Now does that make sense to u.
@ratchetnclank
If it is SD card, doesn't seem to matter as much. I thought it was saved in internal memory and that factory reset didn't delete it.
However, it shouldn't be hard for HTC to add an option to delete it from the SD card if it becomes a problem.
@ratchetnclank
If you red the source article at boy genius you would know that if does not save the files to the SD card, it saves them to the internal storage and thats is why this is a problem!
From Boy Genius
"The JPEG files are saved to a folder named .bookmark_thumb1 which is located within the emmc folder of the phones internal storage"
The security concern here is:
app data on android is usually private to the app if they reside on internal flash. however, since sd card uses vfat, there's no permission control: any app with general SD card access permission can read anything from anywhere on SD.
so in theory, I can write an android app that claim to request internet and sd card permission (pretty common for most apps), then start collecting said images from sense UI users...
@Shanebenn
Screenshot of the directory on my EXTERNAL SD card on my EVO 4G:
http://home.roadrunner.com/~a.baez/evo4gbookmarkjpgs.png
I'm going to assume that the Incredible is the same. Why would you store jpg's on the phone's internal memory anyway.
@Arnie
Except we've just had someone with an Incredible do the same test, only to find out that it is stored on the SD card.
@GaryZ
And do....what? Collect user names and dots for passwords? What sinister thing could someone do with this data?
@DeuX http://img265.imageshack.us/img265/9876/devicez.png
Just so you guys can see that those shots are in in the SD card.
Most users don't even know their phone has an SD card. They just buy it, it comes with XGB of storage, SD or not, that's what their phone has. They will more than likely leave the card in the phone when selling/giving it away.
So splitting hairs saying that it's an SD card not the internal storage is just fanboy bullshit. It should delete this data if you factory reset. The built in app puts it there, therefore you want it gone on reset.
@aldo
Replying to myself to say that all of the files are all easily deletable right in ASTRO.
@Arnie Yeah, and i opened that folder with Astro and guess what? It was empty and my bookmarks keep getting saved on the SD card.
@sortius
Wrongo. Factory resets should NEVER touch external data. An easy way to circumvent this issue when a customer turns in a phone is to remove the SD card, wipe the phone, wipe the card, and done.
@ratchetnclank
Agreed I have the HTC desire too and the images are stored on its sd card like the backup data, its not a security issue its an image for the multiple windows you can have open in the web browser or for a the favourites much like google chrome's new tab. If you are worried about people seeing what site you went too then delete the image at the same time as clearing the history
@sortius
"So splitting hairs saying that it's an SD card not the internal storage is just fanboy bullshit"
Really? So when these same clueless users are doing a factory reset to fix and issue and lose all their photos and music because of the new "wipe everything" setting you invented are you going to explain to them what happened?
The SD card is removable memory. If I factory restore my phones settings, which are not on the SD card, why would I want all my files to be wiped too? My phones backup of some settings and contacts also go to the SD...I should wipe my backups too?
Stop being contrary for the sake of it.
@sortius By your logic, if i reset my phone it should delete my photos on the SD card since they are in there cause the system said so. Understand this, SD card on a Android device is for save music/videos/fotos, etc, it should never be touched by a factory reset. Even when you do a wipe phone in the recovery rom, the SD card stays intact.
@ratchetnclank
An 800x480 screenshot of every page you visit is one hell of a space eater.
@TareG
Except they're actually 240x360 and are very low quality and at most are about 6-7kb.
@Shanebenn Has no one else noticed that the screen shot BGR provided is for the location Disk (H:) / .bookmark_thumb1... so external storage (SD card) not internal storage in the folder emmc.
Enjoy lying much do we BGR?
@Vlad Savov I just checked my Incredible, and I see these screenshots on the SD card, not the internal storage. It IS kind of annoying, since I'm not sure all of these are actual bookmarks, so I'm not sure where/when the screenshots are made. But the privacy issue is probably not as big as made out to be.
@Shanebenn
What if SD card is NOT installed? These pics have to be saved somewhere (perhaps internal memory), isn't it?