The HTC EVO 4G and the HTC Legend were among the models with the most vulnerability among the 8 handsets cited by the report. Google and Motorola are confirming that the flaws exist while HTC and Samsung are quiet.With Stock Android powered Nexus models scoring the best, it would seem to indicate that phone manufacturers are not adhering to the security permission model devised by Google.
The study from North Carolina State University used a system the research team developed, called Woodpecker. This system checked all apps on a phone for 13 permissions that protect sensitive user data or phone features, on a phone. The Android phones studied were the HTC EVO 4G,HTC Legend, HTC Wildfire S, Motorola DROID, Motorola DROID X, Samsung Epic 4G, Google Nexus One and Google Nexus S. Until security foxes are sent out, the best thing you can do to be protected is to be careful of which apps you are downloading.
You can find the entire report at the sourcelink.
source: NCSU via EngadgetMobile