Carriers dragging their feet on pushing Android OS upgrades and patches out to its over 100 million devices is just a huge security issue. Especially when you consider that a recent survey found that more than 50% of these devices have vulnerabilities that have already been patched by Google.
It makes sense from a carrier perspective … if customers aren’t complaining, why fix it. Not only is there the cost of integration with their “cover” software but also the risk of increased support costs due to customers questions and complaints.
In an attempt to pressure the carriers, the ACLU has filed a complaint with the FTC last week for “unfair and deceptive business practices stemming from their failure to provide available security patches for the Android.” The complaint further accuses carriers for “failing to inform consumers that their systems are unpatched and vulnerable to attack.”
Ok … I’m sure there’s a good reason, besides just laziness, that holds up the carriers from pushing out patches in a timely manner but bravo to the ACLU for helping them prioritize these updates a little higher.
The American Civil Liberties Union asked the FTC on Wednesday to investigate AT&T, Verizon Wireless, Sprint Nextel and T-Mobile for unfair and deceptive business practices stemming from their failure to provide available security patches for the Android operating system running on phones and for failing to inform consumers that their systems are unpatched and vulnerable to attack.
“A significant number of consumers are using smartphones running a version of the Android operating system with known, exploitable security vulnerabilities for which fixes have been published by Google, but have not been distributed to consumers’ smartphones by the wireless carriers and their handset manufacturer partners,” the ACLU writes in its 16-page complaint (.pdf). “There are millions of vulnerable Android phones in the hands of consumers today because wireless phone carriers and phone hardware makers refuse to transmit existing software security fixes to phones in a timely manner, according to a security researcher.”
Unlike phones made by Apple, which controls the distribution of software updates to its phones, Android users can’t get an update to their phones without a carrier’s intervention. Instead, they have to obtain updates from servers operated by the carriers. But the wireless carriers and hardware makers can take a year or longer to distribute new firmware updates containing security fixes for phones.
Today’s post pic is from Wikipedia.org. See ya!