Browser privacy issue with DROID Incredible and HTC Sense UI widget?

incredible-browser-privacy

An astute reader stumbled upon an interesting bug with the HTC Incredible. The Incredible, with Sense UI, will periodically store screenshots of the contents of your web browser. The screen captures are a function of the HTC Sense UI bookmark widget and are not the main issue; temporary screen grabs are understandable. The problem is these JPEG files are extremely hard to get rid of. They remain when the current browser session is closed, they remain after you clear the browser history, and they remain after a full factory reset. The JPEG files are saved to a folder named .bookmark_thumb1 which is located within the emmc folder of the phones internal storage (so you would expect a full factory reset to delete them). We found some screenshots of us logged into Facebook, logged into our online banking website, and viewing several other mundane websites (see picture above) even after having completed a factory reset. We tested this on more than one stock, un-rooted HTC DROID Incredible and replicated it several times. While you can delete these images manually, information like this information should be nuked with a factory reset, no? To be honest, seeing a screenshot of our logged-in banking session after a reset was a bit unnerving. Any DROID Incredible owners out there seeing the same thing?

UPDATE: HTC has acknowledged the issue and says a fix is in the works.

Thanks, Ben Nargi!

blog comments powered by Disqus