ACLU complains to FTC that mobile carriers leave Android phones unsecured

Verizon Wireless, AT&T, Sprint Nextel and T-Mobile USA have been named in the complaint

By , IDG News Service |  Security

Smartphones with custom versions of Android offered by large mobile operators in the U.S. are not getting security updates as regularly as phones from Google, or smartphones from other vendors like Microsoft, according to a complaint by the American Civil Liberties Union to the Federal Trade Commission.

"Android smartphones that do not receive regular, prompt security updates are defective and unreasonably dangerous," ACLU said in the complaint on Tuesday.

The complaint against AT&T, Verizon Wireless, Sprint Nextel and T-Mobile USA states that "all of the major wireless carriers have failed to deliver regular, prompt updates to Android phones which they have sold to their customers," citing results from a survey in December last year by technology news site Ars Technica.

The sale of mobile computing devices such as smartphones and the software updates to the devices are not part of common carrier activities, and are hence subject to FTC authority, according to the complaint, a copy of which is on the ACLU website.

The mobile carriers accused in the complaint could not be immediately reached for comment.

Most Android devices offered by operators are customized by handset makers and wireless operators to support specific hardware, proprietary user interfaces and software application and services, with the result that they are "in effect, unique operating systems which only these companies have the ability to update," according to the complaint.

ACLU distinguishes between "Google-managed Nexus devices", which are sold and managed directly by Google, and run the standard version of Android, and "Non-Google-managed Nexus devices." While the Google managed devices receive regular software updates from Google, the others "do not -- and, in fact, cannot -- receive operating system updates without the participation and approval of the wireless carrier."

Device manufacturers can take time to produce a device-specific update incorporating a vulnerability fix, if there are proprietary modifications to the device's software, according to a 2012 report by the U.S. Government Accountability Office, also cited by ACLU. Carriers can be delayed in providing the updates from the manufacturer because they need time to test whether they interfere with other aspects of the device or the software installed on it, it added.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

SecurityWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question