Slashdot Mirror
ACLU Asks FTC To Force Carriers To 'Patch Or Replace' Android Devices
chicksdaddy writes "The American Civil Liberties Union filed a complaint with the U.S. Federal Trade Commission on Wednesday calling on the federal government to take action to stem an epidemic of unpatched and insecure Android mobile devices – declaring the sea of unpatched and vulnerable phones and tablets 'defective and unreasonably dangerous.' The civil liberties group's complaint for injunctive relief with the FTC (PDF), notes that 'major wireless carriers have sold millions of Android smartphones to consumers' but that 'the vast majority of these devices rarely receive software security updates.' The ACLU says carriers leave their customers vulnerable to malware and spear phishing attacks that can be used to record or transmit information on the device to' third parties. 'A significant number of consumers are using smartphones running a version of the Android operating system with known, exploitable security vulnerabilities for which fixes have been published by Google, but have not been distributed to consumers' smartphones by the wireless carriers and their handset manufacturer partners,' the ACLU said. Android devices now account for close to 70 percent of new mobile devices sold. The porous security of many of those devices has become a topic of concern. The latest data from Google highlights the challenge facing the company, with just over 25% of Android users running versions 4.1 or 4.2 – the latest versions of the OS, dubbed 'Jelly Bean,' more than six months after its release. In contrast, 40% of Android users are still running the 'Gingerbread' release – versions 2.3.3 through 2.3.7, a two year-old version of the operating system that has known security vulnerabilities."
Much of the trouble is that the carriers load the phones with worthless bloatware, and block the user's ability to remove it. There's then not enough free space to install updates.
About bloody time that someone does this. It is absolutely indefensible that the carriers have refused to release patches for known security holes for extended periods of time if they release them at all. This blatantly leaves their customers vulnerable and their customers have no way of circumventing this short of rooting their phones.
I read the article before it appeared on Slashdot and many of these phone will literally never receive any patches from the carrier. These phones are effectively being sold as known defective devices and I hope someone initiates a class action lawsuit on the matter as I can't think of any other way to fix this issue. Patch Management really should not be an afterthought and it affects every device, every operating system and unfortunately there are still legions of idiots out there equate Patch Management with Microsoft Windows patch Tuesday.
That it would require a lawsuit in order to patch your phone and secure it against a known vulnerability say much about about the state of American cell phone industry. This country desperately needs to adopt the standards used by the rest of the world and it's a point of shame that we have the industry we do. Most Americans don't know how bad things are here because they never go abroad, and once they do it's like walking into a candy store for the first time with "you can do that?", again and again.
Why did you buy a carrier phone?
Why not get a device that might actually get updates?
You voted for this system with your purchase, you are part of why it exists.
No, the difference is that no one is blocking anyone from getting the XP updates that Microsoft releases. This isn't about Google no longer supplying updates to old Android versions, it's about carriers blocking users from getting updates.
That's what you think. You never noticed that I was sitting there with two extra cans and a pair of scissors!
Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
From TFS:
'A significant number of consumers are using smartphones running a version of the Android operating system with known, exploitable security vulnerabilities for which fixes have been published by Google
They did release patches, the carriers are blocking them, therefore, ACLU is suing to get the carriers to stop being jerks.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Actually I'd say its more about how the corps are trying to treat durable goods as disposable goods. I mean some of these phones are anything but cheap yet by the way these OEMs just abandon the things you'd think they cost the same as those cheapo flash stick you see at checkout lines. If the rumors of Windows Blue are true even MSFT will be getting in on the act, with a new version of Windows being put out every year. If this happens you'll see $1500 laptops treated like $50 tablets because "Your laptop only has drivers for Windows 10 and we are now on Windows 12, go buy a new one".
So what I think needs to be done is minimum support times need to be written in stone, say a minimum of 5 years of updates from time of sale and any company that refuses to honor the support time should be forced to open up the device and hand over the driver code so another OS can be loaded that is patched.
ACs don't waste your time replying, your posts are never seen by me.
I've never had to wait for a carrier to upgrade my iPhone.....
I've never had to wait for a carrier to upgrade my Nexus.....
Oh, wait, did you think that was unique to iPhone?