HTC's One Max was a frontrunner in the race to get fingerprint readers onto smartphones, but perhaps the company abandoned basic rules of diligence in the desire to be first to the post.
Researchers at FireEye Labs have discovered that the One Max stores it's fingerprint images on the phone, unencrypted, in a folder that is open to any other program to read. That's a fascinating amount of fail for such a useless feature.
The concern has to be, if a well respected and technically competent OEM is making such basic errors what are those smaller, less storied OEMs breaking when customising the Android experience for theory users.
HTC claims that the error has been fully patched, but the reputational damage (assuming it still has a reputation to damage) could hurt the struggling business.