• by Wendy Davis  @wendyndavis, July 2, 2013

The Federal Trade Commission and smartphone manufacturer HTC have finalized a settlement that requires the company to implement a host of new security measures, regulators said on Tuesday.

The deal stems from allegations that HTC shipped smartphones with bugs that potentially compromised consumers' privacy. Among other glitches, HTC allegedly shipped millions of devices with diagnostic software created by the company Carrier IQ, but failed to disable a code used in testing.

“Because of that mistake, all of the sensitive user data logged by Carrier IQ was also written to the device’s system log, which was accessible to any third-party app with permission to read it,” the FTC's Bureau of Consumer Protection said in a blog post earlier this year.

The manufacturer also allegedly installed Carrier IQ in such a way that many third-party apps could access users' keystrokes -- which would give the apps access to the phone numbers users' called, browsing histories and other data.

HTC also loaded the phones with certain apps that were capable of leaking sensitive data to other parties, according to the government. “HTC per-installed a custom voice recorder app that, if exploited, would give any third-party app access to the mike even if the app hadn’t asked for the user’s permission,” the agency blogged.

The settlement that was just finalized requires HTC to issue software patches to repair the security glitches. HTC also agreed to establish comprehensive security program, and to undergo biennial security audits until 2033.

Controversy surrounding Carrier IQ's software erupted in late 2011, when a researcher posted a video clip that appeared to show the software logging his keystrokes. Carrier IQ consistently denied logging keystrokes, but acknowledged that an unintentional glitch allowed some SMS messages to be collected. The company says those messages were never decoded or made available in “human readable” form.

The case against HTC isn't the only fallout from the controversy over Carrier IQ's software. Last week, the Federal Communications Commission voted to impose new privacy restrictions on carriers, largely due to the 2011 news about Carrier IQ's software. The FCC's new rules make clear that carriers must protect the privacy of people's telephone activity regardless of whether they use wireless devices or landlines.