"In recent updates to some of its devices, HTC introduced a suite of logging tools that collected information. Lots of information. LOTS. Whatever the reason was, whether for better understanding problems on users' devices, easier remote analysis, or corporate evilness — it doesn't matter."That's because "any app on affected devices that requests a single android.permission.INTERNET (which is normal for any app that connects to the web or shows ads)" on one of these phones can now grab all sorts of interesting bits from the logged data (http://www.androidpolice.com/2011/10/01/massive-security-vulnerability-in-htc-android-devices-evo-3d-4g-thunderbolt-others-exposes-phone-numbers-gps-sms-emails-addresses-much-more/)

http://yro.slashdot.org/story/11/10/02/1829237/security-vulnerabilities-on-htc-android-devices