Slashdot Mirror
ACLU Asks FTC To Force Carriers To 'Patch Or Replace' Android Devices
chicksdaddy writes "The American Civil Liberties Union filed a complaint with the U.S. Federal Trade Commission on Wednesday calling on the federal government to take action to stem an epidemic of unpatched and insecure Android mobile devices – declaring the sea of unpatched and vulnerable phones and tablets 'defective and unreasonably dangerous.' The civil liberties group's complaint for injunctive relief with the FTC (PDF), notes that 'major wireless carriers have sold millions of Android smartphones to consumers' but that 'the vast majority of these devices rarely receive software security updates.' The ACLU says carriers leave their customers vulnerable to malware and spear phishing attacks that can be used to record or transmit information on the device to' third parties. 'A significant number of consumers are using smartphones running a version of the Android operating system with known, exploitable security vulnerabilities for which fixes have been published by Google, but have not been distributed to consumers' smartphones by the wireless carriers and their handset manufacturer partners,' the ACLU said. Android devices now account for close to 70 percent of new mobile devices sold. The porous security of many of those devices has become a topic of concern. The latest data from Google highlights the challenge facing the company, with just over 25% of Android users running versions 4.1 or 4.2 – the latest versions of the OS, dubbed 'Jelly Bean,' more than six months after its release. In contrast, 40% of Android users are still running the 'Gingerbread' release – versions 2.3.3 through 2.3.7, a two year-old version of the operating system that has known security vulnerabilities."
I think this shows one of the greatest flaws in the not owning your hardware debate. What happens when you the company that owns it simply gives up on support??? You're left holding the bag but can't change it's content.
your average user exposes themselves to more risk than if they use WinXP. At least the patches are available if they choose to install them.
Android: a shameful security risk
I think you missed the point. Google has published the patches but the carriers have not distributed them.
"Many of theses devices have upgrades available." Actually part of the problem is many of them do, but the carriers are specifically blocking them from being released.
"Slashdot, where telling the truth is overrated but lying is insightful."
'A significant number of consumers are using smartphones running a version of the Android operating system with known, exploitable security vulnerabilities for which fixes have been published by Google, but have not been distributed to consumers'
Highlighted the important part from TFS. Google's released patches. Carriers are refusing to give them to their customers. There's nothing Google can do about that. Hence why the ACLU is lobbying the FTC to force the carriers into action.
"Always forgive your enemies; nothing annoys them so much." - Oscar Wilde
For the exact same reason Microsoft doesn't make new patches for Windows 95, Windows 3.1 or DOS 6.22.
You already knew that answer, however, so go troll elsewhere.
I run (unofficial) Cyanogenmod and mostly like it, but I wouldn't wish it on anyone. Every release has a little something important broken. Don't get me wrong, I'm very grateful to the people doing this stuff for free, but when your battery life suddenly gets cut in half and you have to choose between a working camera in the newest release or short battery life, it gets to be a PITA. Plus, it's a time sink...
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.