The security flaw in HTC smartphones persists since 2011.
HTC has settled charges with the US Federal Trade Commission (FTC) by agreeing to fix flaws in its smartphones and other mobile devices, which left 'sensitive information about millions of consumers at risk'.
As part of the agreement, HTC has to develop and release software patches to repair vulnerabilities discovered in several of its devices, as well as setting up a comprehensive security programme aimed at dealing with security risks in the devices.
The smartphone maker also has to undergo independent security assessments every two years for the next 20 years.
HTC was charged with improperly modifying the operating system software on its Android- and Windows-based phones, which had allowed third-party apps install software that would collect users' personal data without seeking users consent.
HTC spokeswoman, Sally Julien ,said in a statement that privacy and security are important and that the company will improve its practises that help safeguard its customers' devices and data.
"Working with our carrier partners, we have addressed the identified security vulnerabilities of the majority of devices in the U.S. released after December 2010," Julien said.
"We're working to roll out the remaining software updates now and recommend customers download them at once."