"Privacy and security are important, and we are committed to improving practices that help safeguard our customers' devices and data," HTC said in a statement.
"Working with our carrier partners, we have addressed the identified security vulnerabilities on the majority of devices in the U.S. released after December 2010. We're working to roll out the remaining software updates now and recommend customers download them once available," the company said.
The FTC's complaint explains that HTC installed Carrier IQ, a software that logs information about the customer's activity, on millions of Android-based phones. HTC installed the software at the request of network operators Sprint and AT&T, who use the information to analyze network and device problems.
The existence of Carrier IQ caused an uproar in 2011 when a developer discovered that it was tracking information such as the users' calls, text messages, Internet browsing history and even physical location.
Many device makers use Carrier IQ, but according to the FTC, because of HTC's security flaws, the company enabled third-party applications to intercept the sensitive information.
The commission's settlement was with HTC America, a subsidiary of HTC Corp., which is based in Taiwan.
Also on Friday, the FTC announced that it will hold a one-day forum on June 4 to discuss malware, viruses and other threats to mobile devices.