Make that a gigantic, gaping security flaw. That's according to a new report from the website Android Police which says the vulnerability exposes phone numbers, GPS, text messages, email addresses and more. Any rogue app, and there are a lot of them on the Android ecosystem, can get into a lot of private information. The blame, says Android Police, is firmly on HTC, which built the phones with this baked in problem. If you have an EVO or Thunderbolt phone, it's time to get pretty concerned about what's going on here. Android Police says the problem dates back to HTC updates:

In recent updates to some of its devices, HTC introduces a suite of logging tools that collected information. Lots of information. LOTS. Whatever the reason was, whether for better understanding problems on users' devices, easier remote analysis, corporate evilness - it doesn't matter. If you, as a company, plant these information collectors on a device, you better be DAMN sure the information they collect is secured and only available to privileged services or the user, after opting in.

That is not the case.

Follow John Moe at @johnmoe