HTC has confirmed the existence of a sizable security flaw in some of its phones, originally found on Sunday by Android Police. While the company says the hole shouldn’t present a problem if users steer clear of shady apps, the company is working on a patch to close the vulnerability, and will push it out to affected owners.

The security hole comes from an application package titled HTCLoggers.apk, which is part of HTC’s Sense UI. That app tracks information, including GPS location, e-mail addresses, and phone numbers, on high-profile phones including the HTC Thunderbolt and EVO 4G. Android Police discovered that any application that had Internet permissions (that is, any application that needs to connect to the Internet for any reason) could access this log, and even forward the data it contains to their own remote servers.

The team that discovered the flaw contacted HTC September 24, but the company didn’t acknowledge the problem until October 3. After investigating, HTC has decided the flaw does need fixing, stating that a "third party malware app" could exploit it, though doing so could violate civil and criminal laws.

HTC states that it wants all customers to be "aware of this potential vulnerability," though it doesn’t know of any customers who have been affected by it as of yet. A patch will be released soon following a "short testing period" by carrier partners, though HTC gives no specific time frame or details on the fix. When ready, the patch will be pushed over-the-air to customers. In the meantime, if you are concerned about your phone’s well being, rooting it and deleting HTCLoggers can solve the problem.