A bug in Android smartphones made by HTC exposes users' personal data to any application that requests it.

The bug allows a program that has permission to access the Internet to access other sensitive data as well, Gawker Media's tech news site Gizmodo reported Oct. 2.

The affected user data includes email addresses, GPS locations, stored phone numbers and the encoded contents of text messages.

It was not clear as of Sunday whether an intruder would be able to decode the text messages. Banks sometimes use text messages to send one-time passwords for account access, so someone able to intercept and decode such a message could compromise a user's bank account.

HTC verified that the flaw exists and said it is working on a security update to lock down user data, Gizmodo reported in a follow-up story Oct. 4. Until the update is released, users should avoid downloading any apps they do not trust.

"Sometimes similarly named apps get into the Android Market," the article said. "If you're downloading what's supposed to be a popular app, and you see that it's only got twenty downloads, you might wanna reconsider."