ACLU Asks FTC To Force Carriers To 'Patch Or Replace' Android Devices

chicksdaddy writes "The American Civil Liberties Union filed a complaint with the U.S. Federal Trade Commission on Wednesday calling on the federal government to take action to stem an epidemic of unpatched and insecure Android mobile devices – declaring the sea of unpatched and vulnerable phones and tablets 'defective and unreasonably dangerous.' The civil liberties group's complaint for injunctive relief with the FTC (PDF), notes that 'major wireless carriers have sold millions of Android smartphones to consumers' but that 'the vast majority of these devices rarely receive software security updates.' The ACLU says carriers leave their customers vulnerable to malware and spear phishing attacks that can be used to record or transmit information on the device to' third parties. 'A significant number of consumers are using smartphones running a version of the Android operating system with known, exploitable security vulnerabilities for which fixes have been published by Google, but have not been distributed to consumers' smartphones by the wireless carriers and their handset manufacturer partners,' the ACLU said. Android devices now account for close to 70 percent of new mobile devices sold. The porous security of many of those devices has become a topic of concern. The latest data from Google highlights the challenge facing the company, with just over 25% of Android users running versions 4.1 or 4.2 – the latest versions of the OS, dubbed 'Jelly Bean,' more than six months after its release. In contrast, 40% of Android users are still running the 'Gingerbread' release – versions 2.3.3 through 2.3.7, a two year-old version of the operating system that has known security vulnerabilities."

Re:But We Are Open - We are Google - We are Good

[BoRegardless]

Very good question and it deserves to be answered.

If you are going to be good and do good, you should plan things in such a manner so that result occurs. Setting up a whole multi-hundred million or billion set of hand held computers that does not have inherent auto-upgrades (at least for security) as a part of the agreement to license your OS and use it safely is rather absurd in this day and age. We have gone through 20 years of malware on desktop PCs before Android hit the mainstream and Google could have been done right.

When you design a complex system and then go to implement it and tell everyone it is great and the future and the way it should be done, it must encompass maintenance issues to EOL conditions.

Google by putting out an entirely open system and promoting it without any constraints sounds nice but obviously puts users at risk and this was understandable when the project was started by Andy Rubin, so don't say Google was not warned.

Open is nice until users are harmed.