Researchers from FireEye have found that data that could be used to clone a user’s fingerprint was stored as an unencrypted “world readable” image file on HTC smartphones.

Four security researchers discovered that the image file, which is clear replica of a user’s fingerprint, could be stolen by rogue apps or hackers. The researchers were able to pull fingerprint images from the smartphone and see sufficient detail to tell that, for instance, the fingerprint image was a bit blurry in the bottom section and that the fingerprint sensor had reproducible characteristics. HTC isn’t the only smartphone manufacturer doing a very poor job of securing users’ fingerprints.