SprintCares As it is now official knowledge that the most current OTA is vulnerable to the [Heartbleed bug] (http://www.pcmag.com/article2/0,2817,2456507,00.asp) , what are your plans to protect the customer base? EOL the device and leave us to twist in the wind? Common knowledge that the last supposed update was scrapped as being to big to OTA. I realize that you are not the only carrier to keep devices up to date with the latest, but if you are going to have us sign 2 year contracts then please keep our data safe. Stop contributing to the Android fragmentation and start keeping satisfied customers. Sincerely, A Android Lover who's next device will be unlocked.
Almost 48 hours later and all I hear are crickets chirping. What say you Sprint? ARE YOU GOING TO FIX THIS ISSUE OR NOT? Novel idea if the stories are true about the last OTA being to large...............STRIP OUT SOME BLOATWARE AND FIX THE ISSUE!!!! We do not need Sprint Music, Sprint Zone, Twitter, Facebook, TuneIn Radio etc. These apps are available in the Play store for us to download if so chosen. Save yourself the grief of testing compatibility with the bloat and patch the phones with the latest available Android. I am under contract until 10/2014, but with this crap and the spotty coverage (I have to have a Airave in my own home) guaranteed you will continue to bleed customer base. I signed a 2 YEAR contract. Uphold your end of the bargain and give us the security and service we deserve.
The way they'll fix it is by messing up your phone so it's stops working that way you will have to go to them for a new one. That's happened to me before. I can upgrade mine now but I don't have any issues with my EVO 4G LTE so why upgrade if my phone is good and still works for me. Now comes this new issue with Heartbleed and now I may have to upgrade or root my phone to upgrade the ROM. This sucks! I've been a customer since the early 2000's and never had any complaints. This is ridiculous. I don't want to upgrade my phone yet. I think I will get an unlocked version too.
Sprint and the rest of the carriers need to start taking the security of the customer base seriously. For some people the handset is a replacement for the desktop/laptop. If Microsoft discovers a zero day that exploits a hole in their products they can push a out of band patch in conjunction to the normal cycle. All users of the handhelds hear from the carriers and OEM's is that it "Needs to be tested". Yes they have interest in selling new devices, but what about the people who pay their bill every month? Screw you, buy a new handset, sign a two year contract and repeat the cycle? Sprint.Dan wake up and smell the coffee, your zero day is here and now. This will just be the beginning of what the desktop OS went thru. Step up, take the high ground now before you all look like idiots later. Hindsight is 20/20.
It is not necessary to upgrade your device due to the Heartbleed hack, just change the password to any account you have attached to your device that was affected. I am not sure why this would affect your feeling towards Sprint; do you have an additional concern that you're needing assistance with? The Heartbleed venerability affected the entire world not just Sprint. It is very pleasing to hear that since the early 2000's you have never had any complaints. I hope something like this that we have absolutely no control over does not give you ill feeling towards Sprint. Give us a chance, let us make this right.
Sprint Social Care
Sprint takes the security of our customers very seriously, that is why devices go through testing to try and sort out any glitches and issues such as this before we release them to the public. Unfortunately the Heartbleed venerability is something that not even the US government was aware of and something that the largest tech companies in the world are still trying to resolve and patch. Microsoft is one company that sells one OEM but in the cellular world where we sell devices from several different manufactures that support many different OEM’s the process of discovering and patching issues as large as this requires the corporation and support from everyone evolved. For your cell phone you can change the passwords on any account attached to your device that were affected by the hack and just like before we know this was an issue you should not be affected in anyway. Once we have any new updates or patches that need to be released you will be notified. Please keep in mind that the article you are referring to is just speculating that some devices are affected, there has been no official word from Google or any manufacture that this is the case. Google has since patched all products that were affected. The only thing I would suggest is that you make sure if you have any apps or website shortcuts, that you change your password on the apps and actual websites. For a list of affected sites please visit http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/.
Sprint Social Care
Clyde, you are incorrect.
Any android device running 4.1.1 (HTC Evo 4g LTE's latest OTA update) is vulnerable to a reverse heartbleed attack.
Google has given android partners a patch, but HTC has not released it to customers. HTC teased us with the possibility in February of upgrading to 4.3 but then took down the upgrade from their website and announced that anyone who used the upgrade would void their warranty.
We 4.1.1 users either need the (reverse) heartbleed patch that google provided or a path to upgrade beyond 4.1.1
Installed Heartbleed Detector by Lookout, and it confirmed the vulnerability on my Evo 4G LTE.
OpenSSL version 1.0.1c
Vulnerable behavior is enabled.
Sprint, if you truly care about your customers, get this fixed immediately. Until this is fixed, whether we change any password or not is irrelevant. We are still vulnerable.
The fact that this is not fixed yet is inexcusable.
Action, not words...
I am also frustrated, and want a resolution to this. I understand that this problem has affected phones across all carriers, however I think it is either phone manufacturer or carrier to assist with resolving the issue. Some one needs to help and I hope it happens soon.
Thanks for reaching out and bringing this to our attention. Our technicians are working diligently to reach a resolution for the issue. To stay updated, please visit us at sprint.com/newsroom.
Sprint Social Care Team
You can manually download and install the Android 4.3 version for Sprint HTC EVO 4G LTE, it is an official release from HTC, however HTC pulled it after some time due to some folks experiencing install issues. It also will completely wipe your phone during the upgrade process as it changes the drive partitions.
I installed it back in Feb and it definitely brought new life to my aging EVO. The final version released was build 4.13.651.4 - but I don't think HTC is going to re-release it - you can find the download on mirror sites. It's pretty easy to install, unless you are running windows 8.
I believe sprint and HTC decided to scrap the project and focus on a 4.1.1 build that has the heartbleed fix only. You can see a status message on HTC's site saying they are working on this for the evo here: HTC Software Updates | HTC United States