Any installed app that has “Full Internet Access” permissions (which you would think is most if not all apps as they typically use a Net connection for their functionality) also has access to a lot what we might regard as private data including phone and sms log data (including phone numbers)
Many HTC phones have been identified as affected, including EVO 4G, EVO 3D, Thunderbolt, and Shift. Other HTC phones may be vulnerable too but that has not been confirmed. You can get in-depth technical information from “Android …

I’ve got the EVO and love it. However, when my contract is up, I’m definitely moving to Verizon

via bgr.com