A Washington State company whose software left more than 18 million smart phones and tablet computers vulnerable to security breaches has agreed to improve its software and stop making misleading claims, according to the Federal Trade Commission Tuesday.

The company, HTC America Inc., uses Google's Android, Microsoft Windows Mobile and Windows Phone mobile operating systems in its products, but customized the software to distinguish its products from competing Android manufacturers.

HTC "failed to employ reasonable and appropriate security in the design and customization of the software," a complaint stated, leaving the devices vulnerable to malware.

Third parties potentially had the ability to "surreptitiously record phone conversations, ... track a user's physical location, and ... send text messages that would show up as charges on a user's phone bill" among other things, the complaint stated.

As part of the settlement, HTC is required to develop and release software patches to fix the vulnerabilities, create new security procedures and undergo independent security assessments, the FTC said.