Slashdot Mirror
ACLU Asks FTC To Force Carriers To 'Patch Or Replace' Android Devices
chicksdaddy writes "The American Civil Liberties Union filed a complaint with the U.S. Federal Trade Commission on Wednesday calling on the federal government to take action to stem an epidemic of unpatched and insecure Android mobile devices – declaring the sea of unpatched and vulnerable phones and tablets 'defective and unreasonably dangerous.' The civil liberties group's complaint for injunctive relief with the FTC (PDF), notes that 'major wireless carriers have sold millions of Android smartphones to consumers' but that 'the vast majority of these devices rarely receive software security updates.' The ACLU says carriers leave their customers vulnerable to malware and spear phishing attacks that can be used to record or transmit information on the device to' third parties. 'A significant number of consumers are using smartphones running a version of the Android operating system with known, exploitable security vulnerabilities for which fixes have been published by Google, but have not been distributed to consumers' smartphones by the wireless carriers and their handset manufacturer partners,' the ACLU said. Android devices now account for close to 70 percent of new mobile devices sold. The porous security of many of those devices has become a topic of concern. The latest data from Google highlights the challenge facing the company, with just over 25% of Android users running versions 4.1 or 4.2 – the latest versions of the OS, dubbed 'Jelly Bean,' more than six months after its release. In contrast, 40% of Android users are still running the 'Gingerbread' release – versions 2.3.3 through 2.3.7, a two year-old version of the operating system that has known security vulnerabilities."
I think this shows one of the greatest flaws in the not owning your hardware debate. What happens when you the company that owns it simply gives up on support??? You're left holding the bag but can't change it's content.
Remember the riots that took place because people running Gingerbread were arbitrarily deemed to be using devices too slow to handle the demands of Ice Cream Sandwich?
Google has no control over handset makers, who have chosen to not only make their own versions of Android (greatly complicating the process of making patches) but also have to deal with carriers. These carriers will not foot the bill for OTA updates and they demand features on these phones be crippled in order to sell their own versions.
your average user exposes themselves to more risk than if they use WinXP. At least the patches are available if they choose to install them.
Android: a shameful security risk
Install Cyanogenmod. Maybe not for the vast majority of users.
why did Google discontinue bug fixes on 2.3.x? Please explain the contorted logic to link phone firmware levels to Civil Liberties.
The google branded devices are going to be the up to date ones. The other brands and especially the carrier specific devices are what is out of date.
Customer education is needed. Many of theses devices have upgrades available. Those that don't may not be able to run the newer versions satisfactorily. If a law like this is passed, I see carriers and makers having to shoehorn updates that don't fit and run terribly onto consumer devices that are years out of date.
Carriers and handset makers need to educate customers in order for the customer to protect themselves. The customers themselves need to take responsibility for their device and its security. Carriers' and makers' security history should affect their reputation.
Colin Dean Go a year without DRM
Dude, you really need to get your Lithium prescription refilled!
I think you missed the point. Google has published the patches but the carriers have not distributed them.
What part of "carrier" made you think that a post about Google was relevant here?
'A significant number of consumers are using smartphones running a version of the Android operating system with known, exploitable security vulnerabilities for which fixes have been published by Google, but have not been distributed to consumers'
Highlighted the important part from TFS. Google's released patches. Carriers are refusing to give them to their customers. There's nothing Google can do about that. Hence why the ACLU is lobbying the FTC to force the carriers into action.
"Always forgive your enemies; nothing annoys them so much." - Oscar Wilde
The Nexus branded Android phones get updates and do not have crapware.
I had a TMobile Galaxy S4G Android.
It does not get updates.
It came with crap ware. Tricked my wife into signing up for a bullshit ringtone service with monthly fee.
Tmobile says phone cannot be updated. Thats bullshit. Rooted it and Flashed Cyanogen.
Maybe its too much effort to port all the crapware.
Much of the trouble is that the carriers load the phones with worthless bloatware, and block the user's ability to remove it. There's then not enough free space to install updates.
However, I wouldn't know exactly what the practical terms of such regulation could be. They certainly can't force manufacturers to support obsolete hardware forever. Perhaps they could prescribe a minimum timespan of guaranteed security fixes.
A couple of months ago my carrier was offering me a new phone.
In the set of phones they were offering me, there were some Samsung models running Android 2.x, and an HTC model running 4.x. The Samsung had better specs, but since it was running such an old version of the OS I decided I'd rather have the HTC.
Of course the big problem is that carriers all put on their own shit to make as much money from you as possible. Selling ringtones, wallpapers, their own app stores, all sorts of crap. They don't want to have to re-certify their apps for new versions, so they're not interested in getting these updates rolled out to customers. In fact, I've heard that many of them actively prevent it.
It took me several days of disabling/uninstalling the crap my carrier had installed to make the phone mostly usable, because they literally try to inject their branding/cash grabs into as much as they can do. I'm not sure I've gotten it all, but there was an awful lot of extra crap that needed to be culled.
Carriers aren't interested in your security, they're interested in maximizing their own revenue. If that leaves you with an old and insecure phone, well, the contract shields them from any liability doesn't it?
Lost at C:>. Found at C.
About bloody time that someone does this. It is absolutely indefensible that the carriers have refused to release patches for known security holes for extended periods of time if they release them at all. This blatantly leaves their customers vulnerable and their customers have no way of circumventing this short of rooting their phones.
I read the article before it appeared on Slashdot and many of these phone will literally never receive any patches from the carrier. These phones are effectively being sold as known defective devices and I hope someone initiates a class action lawsuit on the matter as I can't think of any other way to fix this issue. Patch Management really should not be an afterthought and it affects every device, every operating system and unfortunately there are still legions of idiots out there equate Patch Management with Microsoft Windows patch Tuesday.
That it would require a lawsuit in order to patch your phone and secure it against a known vulnerability say much about about the state of American cell phone industry. This country desperately needs to adopt the standards used by the rest of the world and it's a point of shame that we have the industry we do. Most Americans don't know how bad things are here because they never go abroad, and once they do it's like walking into a candy store for the first time with "you can do that?", again and again.
A civil rights organization is now complaining about security patching policies on smartphones?
"Ay-y-y-y-y-y" -->
<shark>
The difference is MS makes patches available.
Now for the people still running Windows 2000, not so much.
Verizon took months to roll out the last Galaxy Nexus android update to end users. This is despite the fact that other users got their update within a couple days of it going live. Verizon is horrible when it comes to updates.
TheVeryBest
Here in Norway, the carriers are not involved in the phone software. They merely provide a SIM card. Software updates are received from Google and sometimes the handset manufacturer. And to save on phone bills, the updates are usually done over wifi. You don't even need the carrier for that - only an ISP. The 'computer' part of the smartphone don't need the carrier (or their SIM card) to operate.
The carriers are only for phoning someone up and talk to them, sms and conference calls. Oh, and they provide 2/3/4G internet, but wifi is always cheaper when available.
The carrier don't provide software at all, except for setting up the SIM card. The "smart" side of the phone is entirely between the user and Google.
Hey look a Fandroid idiot. Are millions of users still running unpatched Windows XP because the company who sold them the hardware is blocking the updates from Microsoft? Unless the answer is "yes" your question is retarded beyond reason.
The problems of both carrier bloatware and abandonment are why I will never again buy a phone from a carrier. If you get your device straight from Google you get timely updates for a much longer period.
This is one of the reasons I recommend Google phones to my friends who like Android.
Ok... this is flat out wrong. DNS resolution is not performed in kernel/ring 0, it's performed in libc (unix) or a DLL on Windows. Think of how many BIND or Microsoft DNS bugs there have been. Do you want that in the kernel?
Second issue - the BSD DNS resolver does not cache the hosts file. Every time you do a DNS lookup, it opens the file, scans it line-by-line, and then closes it. In Windows, if you're running the DNS client, it will load and parse the hosts file (and reload when it changes). If the DNS client is not running, it loads and parses the hosts file every time you resolve an address.
Caused by an unpatched phone vulnerability. Terrorism for nerds, gaping holes that matters.
most of these older phones do not have the memory to run the latest Android version. I can't upgrade my old HTC Desire any more, not because I'm prevented by the supplier, but because the new versions of Android won't comfortably fit.
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
No, the difference is that no one is blocking anyone from getting the XP updates that Microsoft releases. This isn't about Google no longer supplying updates to old Android versions, it's about carriers blocking users from getting updates.
I distinctly remember being stuck on Gingerbread while Google was describing the great advancements of ICS for over a year. Then I finally got ICS a week before Google released jellybean. Decided to avoid any android phone after that stupidity
Microsoft should be forced to continue to make updates for my Windows 95 machine as well. /s
It's too much effort to port all the crapware. Seriously.
The problem with the Nexus lineup is that unless you're on AT&T or T-Mobile, you're SOL. AT&T's mediocre where I mostly use my phone these days. They were that way in prior years in different areas. T-Moble? They'll tell you they've got rocking coverage and blazing "4G" speeds. Maybe. If you're in the downtown area of the major metripolitan markets they're in. If you're in the edges, on the road, etc. you will get decidedly mixed results leaning towards craptastic.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Oh really? Because I have a Nexus One here which would disagree (if it were able to go long enough without crashing to do so). Running 2.3.6 and it will forevermore report itself as "up to date," because google decided the phone was too old to receive updates after less than 2 years.
the most powerful intellect is that unbounded by indubitable preconception
The carriers want you to agree to a new phone/contract, not keep using your current phone. Preventing your current phone from running apps that require Android 4.x by preventing you from upgrading to 4.x is a great (great as in "heads I win, tails you lose", "you" as in "you've never heard of Slashdot") way of motivating you to get a new phone and a new contract.
Very good question and it deserves to be answered.
If you are going to be good and do good, you should plan things in such a manner so that result occurs. Setting up a whole multi-hundred million or billion set of hand held computers that does not have inherent auto-upgrades (at least for security) as a part of the agreement to license your OS and use it safely is rather absurd in this day and age. We have gone through 20 years of malware on desktop PCs before Android hit the mainstream and Google could have been done right.
When you design a complex system and then go to implement it and tell everyone it is great and the future and the way it should be done, it must encompass maintenance issues to EOL conditions.
Google by putting out an entirely open system and promoting it without any constraints sounds nice but obviously puts users at risk and this was understandable when the project was started by Andy Rubin, so don't say Google was not warned.
Open is nice until users are harmed.
Thanks for the valuable insight, iDrone.
so do you feel like a big boy now that you've called someone an idiot and a retard? you could have posted the same information in a civil manner and been taken a lot more seriously. as it is you come off as an unpleasant individual with a chip on your shoulder, it makes taking your comment seriously and only invites someone else to come along and call you names, which creates an endless cycle of bad behavior. do yourself and everyone else a favor and strive to be better, the internet is filled with enough thoughtless hate. don't you think it's time we all started to act civil?
Nexus branded phones aren't much better. The galaxy S2 got an update to ICS (4.0) then an update to Jellybean (4.1) before updates were discontinued. That's two major updates for the S2. The Nexus S got an update to ICS (4.0) then an update to Jellybean (4.1) and google announced no 4.2 would be coming for the nexus S... That's just two major updates the the Nexus S, no better than the S2. The Nexus one was the same, update to Froyo (2.2) and gingerbread (2.3), then announced no more updates. The sad thing is the nexus series of phones really dont get more updates than anyone else, they just get to release the software update for their own devices first.
Who exactly is "blocking" them ? If you can't get patches from your carrier OTA, use the damn WiFi and download them from Android direct ? Who doesn't have WiFi these days ? This is like arguing Microsoft is "blocking" Windows patches because you didn't pay your electricity bill.
The GS2 got Jelly bean last week. The updates for it have not yet been discontinued.
The Nexus S is still well supported in the community and has gotten bug fix versions of 4.1.
I agree that security on peoples' private phones is important, but I have no idea why the ACLU is getting involved. It's one thing to fight against government intrusion into privacy, and quite another to fight to have the government compel private companies to force updates on users' phones.
Taking guns away from the 99% gives the 1% 100% of the power.
The Nexus one is ancient.
The Nexus line gets updates quickly, not for a longer period of time.
You could easily find community Roms for it if you wanted.
A history of terrible software support? Blame the users. The comments here are funny.
Clearly... you're better off with an iPhone
I have a Nexus One as well.
I don't really mind not getting an update to ICS or Jelly Bean. I DO mind not getting bug fixes.
The versions of Android per handset isn't standard so the user isn't able to simply download an update. If that were the case, there would be nothing blocking the owner.
Google branded devices are also not that popular. Android is more of a Samsung thing.
Did you hear the new iPhone 5 is out! It's.... taller?
Just because Google isn't actively providing updates it doesn't mean you can't still install them. If your phone has a locked bootloader that isn't the case.
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
In other words, just like the GP said, Google said go fuck yourself after 1.5 years.
Yeah, that's SO much better than the carriers.
Carriers are interested in 2 things. Keeping you with them, and making money off you. Carriers sell new phones at a loss, they don't want you to buy a new phone if you are already on a high margin plan and aren't thinking about leaving.
When people buy a new phone, for example an iPhone, the carrier sells the phone at a substancial loss and will generally not make a profit off you as a customer for at least 12 months. If people are already on a smartphone plan with data the carrier would much rather have you sit there and simply pay your bill after you have paid back the subsidy then upgrade to a new device. Verizon pushing back their upgrades to 24mo from 20 a few weeks ago is proof of this.
next up, outlawing EOL os's.
This country is now run by a
BOATLOAD OF CORRUPT IDIOTS
Well, unlike many of you, I don't work in the tech industry. But it is pretty damn easy to find updates for very old hardware. My Galaxy S Captivate, ancient by phone standards, is still enjoying support from a very vibrant homebrew community. I have my pick of a multitude of ROMs that I can easily browse and install through an app called ROM manager. As for bloatware, I have used Root Explorer to completely remove bloatware for many of my friends on their android phones. Rooting is trivial and unrooting for warranty purposes is equally trivial. By trivial, I mean typing the term into Google or XDA and clicking Download. This is not beyond the comprehension of an ordinary person. To be sure, you can be lazy or for other reasons, decide not to fully utilize your device. But the resources and the community and the constant stream of steady updates are always available. Android brought some choice and freedom to the phone market... but it is still up to the end user to exercise that choice and freedom. Or, just buy a new phone... much like it used to be anyway.
If they were going to be releasing 4.2 for the GS2 then we probably would have seen it come out two months ago when 4.1 came out for the s2. And 4.1 is old 4.2 is the current one, google announced the Nexus S would not be getting 4.2, thus the nexus series of phones only gets two updates, just like any other series of phones google or otherwise.
The American Civil Liberties Union?
http://www.aclu.org/free-speech/aclu-and-citizens-united
"In Citizens United, the Supreme Court ruled that independent political expenditures by corporations and unions are protected under the First Amendment and not subject to restriction by the government. The Court therefore struck down a ban on campaign expenditures by corporations and unions that applied to non-profit corporations like Planned Parenthood and the National Rifle Association, as well as for-profit corporations like General Motors and Microsoft."
LOL
They have no credibility, whatsoever.
I see the nexus s, galaxy nexus, and nexus 4 all over the place
The complaint is reasonable, but has little-to-nothing to do with Civil Liberties. I'd rather ACLU concentrated on defending the Second Amendment and right to speak any language you damn please without fear of being kicked off of an airplane.
In Soviet Washington the swamp drains you.
It should be cached by the VFS layer though, so it's only opening/closing the contents in RAM. Still inefficient but not as bad as you make it sound.
4.2 is current I know, my phone is running 4.2.2.
The T-mobile and Sprint GS2s got 4.1.2 at the end of March or beginning of April. Meaning if 4.2 came out for them it would not be for another 3+ months.
Many non-google phones get no updates or 1 update. Against my recommendation she who must be obeyed bought a rezound. It only ever got one update. It will likely never see anything beyond ICS.
There are things Google, and customers, could do to help this problem.
A bit of background as to some of the causes:
Phone manufacturers are hesitant to release updates because they really should test them first. Testing is a pain for a few reasons. One is that they also have customizations to their phone UI. Another is that they have many different hardware configurations. They have all these hardware configurations because their marketing people thought that coming out with an entirely new phone handset every 6 months was a good idea. This problem is amplified by the lawyers who refuse to let them release their drivers open source. So those drivers may not even compile against the latest Android kernel. If they released the drivers, then those drivers would be maintained by Google. (Similar problems existing with some PC hardware manufacturers.)
Sooooo...
Google could require that OEMs provide their drivers back to Google. That way they know the drivers will at least compile against the latest versions of Android. Google has put in some efforts to prevent fragmentation. But I don't think they have addressed the driver issue.
Customers could actually complain to their phone carriers and handset manufacturers about bugs, security problems, and missing features. They could also refuse to buy phones from carriers and manufacturers who don't let you install stock Android on the phone. That right there is the #1 -- just cut out the OEMs entirely.
I don't use Android phones, but different phones use different specially modified versions of Android. It's not like every version of Android is exactly the same.
You can't just go get a random version of Android and run it on any specific phone.
If you can't get patches from your carrier OTA, use the damn WiFi and download them from Android direct ?
Well, to paraphrase the news monster...
Android updates do not work that way!
GOODNIGHT!
An enigma, wrapped in a riddle, shrouded in bacon and cheese
they can't release since they do not have permission
Easy. If they can't release source code because one of the dozens of companies denies that, then they must continue to provide updates.
by preventing you from upgrading
There is a vast difference between not supplying an update FOR you, and PREVENTING you from updating.
Unless you have a locked bootloader, nothing is PREVENTING you from upgrading.
My first and only Android experience is my GS3. I love it and think it is a great device. So many cool apps, so powerful, easy to use, phone sounds great, etc; However, with that being said, yes, the way the device came pre-loaded with Sprint garbage was atrocious. And how these devices tie in to Google...
First off you can't realistically use an Android device unless it is at least rooted.
If its not rooted and you can manage apps and permissions, then you are a sitting duck for crapware, etc;
Secondly, and only after the difficult process of rooting was accomplished did I realize that rooting alone is just a first step.
The only real way to use an Android device is with some modded ROM such as Cyanogenmod.
The absolute filth that is pre-loaded onto the phone company supplied devices(my experience is only with Sprint and Samsung GS3) defies description(actually I did just describe it...)
Yet, it is amazing how many people I see running pre-loaded stock Android devices and blissfully are unaware of any of the security issues, etc;
We play the game with the bravery of being out of range
So, 25% of Android users are on 4.X and 40% are on 2.X? That's only 65%. Does that mean the other 35% are still on Android 1.X?
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
Why did you buy a carrier phone?
One reason might be that CDMA2000 carriers (Verizon and Sprint) have noticeably more reliable coverage where the subscriber lives and works than GSM carriers (AT&T and T-Mobile). There are parts of the United States where Verizon carrier, has the most reliable coverage by far. The problem here is that CDMA2000 carriers in the United States happen not to use a removable CSIM. Instead, the carrier programs the subscriber identity directly into the device, and the major U.S. CDMA2000 carriers are willing to program only devices that they sold.
If you can't get patches from your carrier OTA, use the damn WiFi and download them from Android direct ?
I get the impression from other comments that Android.com can't make binary updates available because all manufacturers have customized Android to fit the specific SoC of each device, and phone manufacturers don't make updates available for carrier-branded devices. ARM devices are not like PCs, where Plug and Play over the PCI bus allows a generic kernel to enumerate devices and load their drivers. Or should ARM devices be emulating a RiscPC in this respect?
This does not smell right. Windows have suffered far more attacks than Android.
Wonder how big a contribution the Bill and Millenda Gates foundation made to the ACLU?
Here in Norway, the carriers are not involved in the phone software. They merely provide a SIM card.
In the United States, two of the major carriers don't use GSM at all but instead CDMA2000. Devices using CDMA2000 are not required to use CSIM cards, and most CDMA2000 devices in the U.S. do not. Instead, devices' radio interfaces are hardcoded to talk to one carrier.
Oh, and they provide 2/3/4G internet, but wifi is always cheaper when available.
Is Wi-Fi available on city buses?
Greenpeace doesn't have a lot of time either, what with its focus on better guidelines for iOS developers to ensure they can safely know ahead of time whether their apps will make it into the App Store.
You're right: it does create e-waste to switch to a Mac and buy an iPad mini only to find that your application concepts would run up against a blanket category ban in the App Store Review Guidelines.
The ACLU has had serious mission creep. It should stick to defending civil liberties, consistently and across the board. Instead, it has turned into an advocacy group for progressive causes, at times even contradicting its core mission. Now it seems to be thinking of itself as a consumer advocacy group in the area of technology. WTF are they thinking?
But for how long?
The manufacturer should provide security updates for at least two years after the manufacturer discontinues sales of the model. This way, someone who buys a phone just before it is discontinued and enters the typical 24-month service commitment can still have a secure device for the entire period.
I believe their (unofficial) corporate motto is "Don't be evil", not "Be good". You are suggesting that it is Google's job to restrict the freedoms of others so that they can be a corporate policeman and enforce their idea of what level of support a company should offer. And, I am assuming that you would want them to then sue said company if they violated the license terms by not updating the OS on their customer's phone. While you may think this is "good", it sounds a little big-brothery and controlling and a little like how patent trolls operate. Which would seem closer to "evil" to me than what they are currently doing.
This is very typical of MS's MO. They send their execs to work at Nokia, or whatever.
Melissa Chabrán is on the board of the Washing State ACLU. She is also the Senior Program Officer at the Bill & Melinda Gates Foundation.
You must have an interesting definition for the word "popular".
I quite agree. I have a desire Z that I bought and got a SIM only contract. HTC will not update it, instead the come out with some lie about it already running the software that is best for its users - or some similar bollocks.
Quite simple: I won't buy HTC again.
Remove the legal restrictions prohibiting "hacking" (i.e. modifying) your own device.
We could try to legally force the carriers to do something they don't want to do. I think empowering users to do something they *do* want to do is going to have better and faster results.
Another option is to simply buy unlocked phones.
I would suggest people switch to mobile plans that do not require contracts to subsidize phone. You can get a Nexus 4 for $300. The cheapest subsidized android phones are going to be about $480 ($20 x 24 months) even if you get them for "free". There is already a solution to the problem. Enough people demanded this and T-Mobile listened in order to be more competitive. If enough people switch to T-Mobile, then the other 3 networks will need to update their business model as well.
Ya your Nexus One is ancient, it's.... what? You say the 4 year old iPhone 3GS runs the latest iOS 6.1? Oh.... umm idk then, i guess buy apple next time
my karma will be here long after I'm gone
I'm not sure what planet you're on but samsung by far sells the most android phones. 42% of android phones are samsung phones globally and in the US the percentage is even higher. I believe the next highest percentage was something like 12% with the rest in single digits. The Nexus 4 isn't even a real contender amongst Android phones.
That's all well and fine, my S3 is currently running it, however the vast majority of users will not be able to install CWM or use ADB on their own even with a tutorial. It also has the consequence of voiding the warranty. Yes you could flash back but lets face it most people can barely operate Google Maps without throwing a fit much less flash a ROM.
If this succeeds what you are going to see is a slow down in the market. Manufacturers will not be able to push but a handful of phones every year because they will be expected to support them. So we, the power users, will go from having a new top tier phone every 6 months to maybe one a year, or maybe not at all because there will a monetary consequence to pushing the envelope with brand new hardware combination in every iteration.
The carriers are going to fight it tooth and nail as well because not only will they be forced to get the updates out in a timely fashion (looking at you Verizon), they will be required to utilize their sacred bandwidth, which they already charge too much for, to push the updates.
As I understand it, ARM GPIO with blob drivers and the nature of the Linux kernel makes this expensive and time consuming for carriers, OEMs and hw manufactures like Qualcomm, etc.
If x86 devices with open source drivers were available, wouldn't this help solve the problem? Couldn't updates be issued like they are for Windows and Linux on x86? Will the upcoming Intel Atom Baytrail SOC have BIOS enabling generic image installs and updates?
Would someone (smarter than me) shed some light on this, please.
If most of Android became APK files (except kernel, driver, root-land & a few other pieces) then carriers would have far less work to push out these updates. The updates would happen automatically like for apps. This may require dependency logic: 'This app requires that you update libAndroid.apk". It works for Chrome.apk & could be used for nearly all Java libs.
Though not a complete solution, it would resemble part of the solution the Linux distros use. It would considerably reduce surface area to attack (an important goal). As a side benefit shared libs would make security easier for everyone: lib developers (as a first-class APK), app developers (look to lib developers to fix their bugs), carriers & users (less data to transfer).
Science & open-source build trust from peer review. Learn systems you can trust.
If you come at it from the "Don't be evil" side for consumers, then I win: Google should license only phone vendors that promise to update their phones automatically for 5 years.
The NRA already defends the second amendment with far, far more money than the ACLU has. The ACLU defends the other nine amendments. Since you care about free speech I assume that you give as much money to the ACLU as the NRA. If not, well, you've shown exactly how much you care about free speech (on or off of airplanes).
But I agree that while I also like the complaint (and love the proposed remedies), this doesn't seem to be a civil liberty.
The statements "Google branded phones are popular" and "Samsung phones are popular" are not mutually exclusive. Afterall 2 out of 4 google phones were Samsung.
Also samsung (along with other manufacturers) makes a lot of different phones. It is possible for a phone to have a relatively high market share even if the company that makes it does not.
Apple: 36.3%
Samsung: 21%
HTC: 10.2%
Motorola: 9.1%
LG: 7.1%
Furthermore, I don't think the takeaway from this chart is that Samsung is the clear winner and HTC, Motorola, and LG are losers. If that were the case then it would be just as easy to claim everyone except Apple was a loser.
To me that looks like nobody clearly dominates the market.
but.. but.. it's not really iOS 6.1 it strips out features!
I wonder how old is the iPhone 3GS, because, afaik, it's still getting OS updates and patches. Heh.
So, you are really trying to say that Google is an EVIL corporation because they do not police other corporations and FORCE them to be good companies? I am starting to believe that you are just trolling. You have a very broad view of evil. What does this make the phone vendors? Extra-strength Evil? Super Evil? Mega-Evil? It would also be nice if Google would bring about world peace, but I don't think that they are Evil because they haven't done it.
I find it interesting that because a company publicly says that they are going to try not to be "Evil", people come out and say that everything that they do that is not exactly what the person wants them to do falls into the "Evil" category. Discontinuing Google Reader -> Evil. Targeted Ads -> Evil. Tracking your behavior (but not selling it to anyone or allowing anyone to see your personally identifiable information) -> Evil. Google has not forced anyone to do anything. If you don't want them to know what you do, then just disable your cookies. Where companies start to be "evil" in my book is when they start pushing around consumers because they can. Because they have a monopoly or have you locked in so they know that you can't vote with your money. From everything I have seen, Google is a good company that tries to make their consumers (the average joe) happy, even though their real customers are the companies they sell ads to. If you want to be a hater, then I can't stop you. But know that you are hating only because you want them to fail, because you believe that people cannot succeed at being good so when someone tries to do it you look for anything that can prove that they aren't, and ignore anything that shows that they are.
I'd rather they focus their efforts on protecting the first, fourth, and fifth ammendments
__
posting AC due to mod points
You would also need enough hardware specifications to create/update drivers.
true. cyanogen was great on my triumph except for the camera (it would click periodically as the autofocus just cycled back and forth; occasionally you'd get lucky, so i just took ten pictures instead of one and pick the best) and the hdmi. both were reverse-engineered as best as possible, which in the case of hdmi was not at all.
of course the triumph was still a piece of shit overall; i bought a nexus 4. it works well for now.
still don't see how this something the aclu should be doing.
"They were pure niggers." – Noam Chomsky
The OS 6.1 for 3GS with striped features is about as "updated" as Android 2.3.6.
Except for security updates, presumably.
it's OHHHHH-PEN!
-- "I'm not in a hurry; I'm in Hawaii." The Homeless Guy
From what I see of success it is spelled "Vertically Integrated" in mass market electronics and now with Google getting more adept and buying a "SIRI competitor" I am looking at Google getting its act together and making its own hardware and becoming more like Apple.
If Google does that and controls the updates for their customers like Apple does and possibly changes the Android license to HTC, et al, then I would count Google as being more consumer friendly and good.
This is no change from the Windows Mobile phones of yore. The HTC Touch/VZW XV6900 and Titan (I think that's the generic HTC name)/VZW XV6800 both had significant updates (WinMo 6.0 to 6.1, GPS enablement, patches, etc.), around 5-6 years ago (whenever it was I was drooling over them before Android came along). There was lots of buzz on the 'Net then about what the patches would do, and hardy souls who got them via "leaks", and tested/distributed them - lots of fun then, no different now it seems. VZW took their own good time for releasing those, too.
YMMV
Car analogy:
Dealer sells car, manufacturer issues nationwide safety recall and the dealer refuses to honor/perform the necessary repairs.
It seems that the ACLU is broadening its mission in order to garner headlines and cheap publicity. Cell phone security does not exactly come under the heading of "civil liberties."
So, you are really trying to say that Google is an EVIL corporation because they do not police other corporations and FORCE them to be good companies?
Kind of, they exert control over the members of the Open Handset Alliance when it suits them, like for instance when a member also wants to support an incompatible Android fork, but when they could use the OHA to benefit their customers by making it mandatory upgrade requirements a part of the OHA membership they do nothing.
Presumably,
You want to do a run-down of features from the latest iOS that aren't available on the special version for the 3GS?
- Michael T. Babcock (Yes, I blog)
All security patches, which is the entire point of this discussion. So what do you want to pull out of your ass now fanboy?
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
I think you missed the point. Google has published the patches but the carriers have not distributed them.
Actually, may be they have. In the sources the ACLU is using for its FTC complaint, the most thorough and well researched article they're using to support their point, is purposefully not counting minor updates:
(Note that we define "update" as a major point release of Android—2.2 Froyo, 2.3 Gingerbread, 4.0 Ice Cream Sandwich. More minor updates or firmware releases are not accounted for here.)
Now I understand Android users getting pissed off for not getting major updates, but if we're really talking about "security updates", minor versions should at least be counted. Gingerbread for instance is not going away anytime soon. All manufacturers for instance are still making the cheaper single processor Gingerbread phones, and they currently have no plans of ever stopping that (at least not for the lower end of the market). Does that mean that Gingerbread is insecure? Not in the least, Google is still making minor security updates for Gingerbread and will probably continue to do so for years to come.
And ACLU's Christopher Soghian, author/first signature of the two on the formal ACLU complaint, is quoting a Washington Post article which is only quoting himself, ACLU's Christopher Soghian, as the sole source. WTF? Why did he even feel the need to reference that article? Is his ego more important than the point he is trying to support?
Also, I can no longer find the reference, but the last time his name came up, someone on slashdot found his linkedin profile in which he immediately described himself as being an iPhone owner. And yes, I realize the irony of quoting a source I can no longer find, when I just complained about someone referencing an article in support of his point quoting himself as the sole source.
But assuming I'm telling the truth, or assuming you remember seeing what I saw, who would do that on their linkedin profile? Does he post that on his resume as well? I can think of more subtle ways to communicate one's membership in the iPhone owners club. And if anyone was coming to the rescue of Android users, I would prefer that person to be an Android user/owner himself (after all, there are so many), instead of a person who proudly wears his iPhone as some kind of badge of honor instead (again, that's assuming you think I'm even telling the truth about what I read from his linkedin profile, you may not even believe me of course).
Why is it that carriers are not able to block iOS devices? Why can't Android manufacturers build their devices so that they can be updated from an Internet connection that is independent of any carrier?
A sufficiently advanced simulation is indistinguishable from reality.
Hardware vendors and cellular service companies are never going to have a stake in security unless it becomes so horrific that they can't get people to subscribe/purchase new phones.
The only solution is to mandate the release of specifications and source for the phones. What we have currently is a dependency on companies that we should not have. Android is not free. Android is an OS that is dependent on a huge assortment of proprietary software despite some parts being free. The drivers, firmware, and and stuff that runs on top of it is all non-free.
If things were truly free older phones would be better supported by the community and we wouldn't have this security nightmare situation.
And you'll never have a safe situation without the complete release of code. Security is dependent on there being as many eyeballs as possible. And its not that this in and of itself solves the problem but it certainly helps.
Why is a phone manufacturer not able to provide updates for THEIR particular flavor of Android? Apple seems to be able to do that for the iPhones.
A sufficiently advanced simulation is indistinguishable from reality.
Not getting updates from the manufacturer for any particular model of a product is a good reason not to buy such a product. If Apple can update their iPhones without carrier interference, why can't Android manufacturers update their particular phones the same way?
A sufficiently advanced simulation is indistinguishable from reality.
It's better not because they support the device for longer, but because you get the updates sooner after they're released. Typically the first phones to get updated to the latest, greatest Android version are the Google reference models.
It's hard to provide certain features when the hardware doesn't exist in the older versions of the phone.
"The problem with socialism is eventually you run out of other people's money" - Thatcher.
>The latest data from Google highlights the challenge facing the company, with just over 25% of Android
>users running versions 4.1 or 4.2 – the latest versions of the OS, dubbed 'Jelly Bean,' more than six months
>after its release
And this is surprising, why exactly? My aunt had her last cell phone until the carrier shut down the network it was running on and gave her a new one. Some people go out to buy the latest gadget every single time a new one is released, but many (if not most) people are satisfied if it works. If people needed to upgrade every 6 months, that would point to a large problem.
If the second amendment is eliminated, the others are not worth the paper they're written on. Ultimately, ALL of the Constitution lives or dies by the Second Amendment. Take away the right of people to defend themselves, then all other rights of null and void.
A sufficiently advanced simulation is indistinguishable from reality.
It is perfectly up to date as far as security-related patches are concerned! So, what's your point?
Google has published the patches but the carriers have not distributed them.
URL or it didn't happen. Google does not announce Android security updates on their official mailing list nor anywhere else. They don't publicly document the vulnerabilities they fixed with a new point release nor do they reserve CVE numbers for these. Not even speaking of publishing patches for individual vulnerabilities.
OS Reviews: Free and Open Source Software
If you have no security, you have no privacy. Putting my tinfoil hat on, I'd say the organs of Fath^H^H^H^HHomeland Security would prefer phones be kept as leaky as possible.
No, anything they need to provide would only be up until your contract is finished.
And the contract of anyone else who bought the same model new. This means updates need to continue for 24 months after the phone is withdrawn from sale.
they are obligating themselves to provide a 100% working phone.
And 100% working != up-to-date.
An Internet-connected device with known security vulnerabilities cannot be considered "100% working", and here's why: A device that can be remotely rooted by an attacker can be rendered no longer "100% working" by an attacker.
Or so you say,
your primary carrier is still getting your monthly payment and still recovering the phone subsidy.
No they subsidize the phone based on the fees they collect for usage
What you refer to as "the fees they collect for usage" is part of what I referred to as "your monthly payment". Could you explain the difference?
why would prepaid carriers such as Virgin Mobile USA be selling locked phones and using radio protocols such as CDMA2000 that encourage the sale of locked phones?
Don't like it? Buy one outright instead.
Phones bought outright from CDMA2000 carriers are still locked.
How is this an ACLU issue? These are the people who are supposed to stand up for our rights, as in Constitutionally guaranteed rights. Do they really have so little to do stopping the violation of our rights that they need to go into this? As someone whose rights have been violated and seen the ACLU pick and choose their involvement based on what will have the greatest impact, supposedly. I'm appalled to see them getting involved in a consumer issue that has nothing to do with an individual's or groups rights. Sorry but you don't have a "right" to security updates. It's a free market economy, you have a "right" not to use a product or service. I'm not offering an opinion on if the carriers should or didn't do something. I’m only commenting on the ACLU acting like a big money, sleazy, class-action lawyer and not the champion of our rights they claim to be.
While the previous model to that, the 3G couldn't run past 4.2, and even using 4.2 would make the phone cripplingly slow and almost unusable for some tasks. I'd had the phone only one year out of a three year contract, and already it had become more a hindrance than a help for anything beyond making phone calls and listening to music.
Eventually I jailbroke and downgraded it, but just because you CAN have the latest update, doesn't mean you should.
I would upgrade my Nexus One to 4.1 or 4.2, but....Google doesn't support those versions on that phone.
To have an Android device you purchased (or rented) patched is not a human right. Maybe, it is a consumer right, and should be defended by consumer-rights advocates, but ACLU is not (supposed to be) one. That they prefer to concentrate on this instead of on one of the rights enumerated by the Bill of Rights, is telling, how low the organization has fallen.
Whatever you say about NRA, clearly, their efforts aren't sufficient, because the right to keep and bear arms (the one, you know, that shall not be infringed) is routinely denied, and even in the most liberal states (like Texas), is treated not as right, but as a mere privilege (subject to the Executive's approval, to be denied or withdrawn on a whim).
Now, since you tried to make this about me, my own story with ACLU is this -- when I gave them money (and I never gave to NRA in my life) by becoming a member a few years ago, a month later I got a subscription invitation to "The Nation" (a fairly disgusting ultra-Left magazine). It was sent to the specially-tagged address I used, when registering with ACLU. So, no, they aren't seeing any of my money again — not until they prove, that they are willing to stand up for the Constitution and our rights.
They can begin by challenging the government's authority to kick people out of their houses and search them, as just happened en-mass in Boston.
In Soviet Washington the swamp drains you.