Slashdot Mirror
ACLU Asks FTC To Force Carriers To 'Patch Or Replace' Android Devices
chicksdaddy writes "The American Civil Liberties Union filed a complaint with the U.S. Federal Trade Commission on Wednesday calling on the federal government to take action to stem an epidemic of unpatched and insecure Android mobile devices – declaring the sea of unpatched and vulnerable phones and tablets 'defective and unreasonably dangerous.' The civil liberties group's complaint for injunctive relief with the FTC (PDF), notes that 'major wireless carriers have sold millions of Android smartphones to consumers' but that 'the vast majority of these devices rarely receive software security updates.' The ACLU says carriers leave their customers vulnerable to malware and spear phishing attacks that can be used to record or transmit information on the device to' third parties. 'A significant number of consumers are using smartphones running a version of the Android operating system with known, exploitable security vulnerabilities for which fixes have been published by Google, but have not been distributed to consumers' smartphones by the wireless carriers and their handset manufacturer partners,' the ACLU said. Android devices now account for close to 70 percent of new mobile devices sold. The porous security of many of those devices has become a topic of concern. The latest data from Google highlights the challenge facing the company, with just over 25% of Android users running versions 4.1 or 4.2 – the latest versions of the OS, dubbed 'Jelly Bean,' more than six months after its release. In contrast, 40% of Android users are still running the 'Gingerbread' release – versions 2.3.3 through 2.3.7, a two year-old version of the operating system that has known security vulnerabilities."
A corrupt slashdot luser has pentrated the moderation system to downmod all my posts while impersonating me.
Nearly 230++ times that I know of @ this point for all of March/April 2013 so far, & others here have told you to stop - take the hint, lunatic (leave slashdot)...
Sorry folks - but whoever the nutjob is that's attempting to impersonate me, & upset the rest of you as well, has SERIOUS mental issues, no questions asked! I must've gotten the better of him + seriously "gotten his goat" in doing so in a technical debate & his "geek angst" @ losing to me has him doing the:
---
A.) $10,000 challenges, ala (where the imposter actually TRACKED + LISTED the # of times he's done this no less, & where I get the 180 or so times I noted above) -> http://it.slashdot.org/comments.pl?sid=3585795&cid=43285307
&/or
B.) Reposting OLD + possibly altered models - (this I haven't checked on as to altering the veracity of the info. being changed) of posts of mine from the past here
---
(Albeit massively repeatedly thru all threads on /. this March/April 2013 nearly in its entirety thusfar).
* Personally, I'm surprised the moderation staff here hasn't just "blocked out" his network range yet honestly!
(They know it's NOT the same as my own as well, especially after THIS post of mine, which they CAN see the IP range I am coming out of to compare with the ac spamming troll doing the above...).
APK
P.S.=> Again/Stressing it: NO guys - it is NOT me doing it, as I wouldn't waste that much time on such trivial b.s. like a kid might...
Plus, I only post where hosts file usage is on topic or appropriate for a solution & certainly NOT IN EVERY POST ON SLASHDOT (like the nutcase trying to "impersonate me" is doing for nearly all of March/April now, & 230++ times that I know of @ least)... apk
P.S.=> here is CORRECT host file information just to piss off the insane lunatic troll:
--
21++ ADVANTAGES OF CUSTOM HOSTS FILES (how/what/when/where/why):
Over AdBlock & DNS Servers ALONE 4 Security, Speed, Reliability, & Anonymity (to an extent vs. DNSBL's + DNS request logs).
1.) HOSTS files are useable for all these purposes because they are present on all Operating Systems that have a BSD based IP stack (even ANDROID) and do adblocking for ANY webbrowser, email program, etc. (any webbound program). A truly "multi-platform" UNIVERSAL solution for added speed, security, reliability, & even anonymity to an extent (vs. DNS request logs + DNSBL's you feel are unjust hosts get you past/around).
2.) Adblock blocks ads? Well, not anymore & certainly not as well by default, apparently, lol - see below:
Adblock Plus To Offer 'Acceptable Ads' Option
http://news.slashdot.org/story/11/12/12/2213233/adblock-plus-to-offer-acceptable-ads-option )
AND, in only browsers & their subprogram families (ala email like Thunderbird for FireFox/Mozilla products (use same gecko & xulrunner engines)), but not all, or, all independent email clients, like Outlook, Outlook Express, OR Window "LIVE" mail (for example(s)) - there's many more like EUDORA & others I've used over time that AdBlock just DOES NOT COVER... period.
Disclaimer: Opera now also has an AdBlock addon (now that Opera has addons above widgets), but I am not certain the same people make it as they do for FF or Chrome etc..
3.) Adblock doesn't protect email programs external to FF (non-mozilla/gecko engine based) family based wares, So AdBlock doesn't protect email programs like Outlook, Outlook Express, Windows "LIVE" mail & others like them (EUDORA etc./et al), Hosts files do. THIS IS GOOD VS. SPAM M
I think this shows one of the greatest flaws in the not owning your hardware debate. What happens when you the company that owns it simply gives up on support??? You're left holding the bag but can't change it's content.
Yeah, I know our stock is down near $12 right now, but that's nothing...
Remember the riots that took place because people running Gingerbread were arbitrarily deemed to be using devices too slow to handle the demands of Ice Cream Sandwich?
Google has no control over handset makers, who have chosen to not only make their own versions of Android (greatly complicating the process of making patches) but also have to deal with carriers. These carriers will not foot the bill for OTA updates and they demand features on these phones be crippled in order to sell their own versions.
your average user exposes themselves to more risk than if they use WinXP. At least the patches are available if they choose to install them.
Android: a shameful security risk
Install Cyanogenmod. Maybe not for the vast majority of users.
why did Google discontinue bug fixes on 2.3.x? Please explain the contorted logic to link phone firmware levels to Civil Liberties.
Customer education is needed. Many of theses devices have upgrades available. Those that don't may not be able to run the newer versions satisfactorily. If a law like this is passed, I see carriers and makers having to shoehorn updates that don't fit and run terribly onto consumer devices that are years out of date.
Carriers and handset makers need to educate customers in order for the customer to protect themselves. The customers themselves need to take responsibility for their device and its security. Carriers' and makers' security history should affect their reputation.
Colin Dean Go a year without DRM
Dude, you really need to get your Lithium prescription refilled!
The Nexus branded Android phones get updates and do not have crapware.
I had a TMobile Galaxy S4G Android.
It does not get updates.
It came with crap ware. Tricked my wife into signing up for a bullshit ringtone service with monthly fee.
Tmobile says phone cannot be updated. Thats bullshit. Rooted it and Flashed Cyanogen.
Maybe its too much effort to port all the crapware.
How's that "open" thing working out for ya?
Much of the trouble is that the carriers load the phones with worthless bloatware, and block the user's ability to remove it. There's then not enough free space to install updates.
However, I wouldn't know exactly what the practical terms of such regulation could be. They certainly can't force manufacturers to support obsolete hardware forever. Perhaps they could prescribe a minimum timespan of guaranteed security fixes.
A couple of months ago my carrier was offering me a new phone.
In the set of phones they were offering me, there were some Samsung models running Android 2.x, and an HTC model running 4.x. The Samsung had better specs, but since it was running such an old version of the OS I decided I'd rather have the HTC.
Of course the big problem is that carriers all put on their own shit to make as much money from you as possible. Selling ringtones, wallpapers, their own app stores, all sorts of crap. They don't want to have to re-certify their apps for new versions, so they're not interested in getting these updates rolled out to customers. In fact, I've heard that many of them actively prevent it.
It took me several days of disabling/uninstalling the crap my carrier had installed to make the phone mostly usable, because they literally try to inject their branding/cash grabs into as much as they can do. I'm not sure I've gotten it all, but there was an awful lot of extra crap that needed to be culled.
Carriers aren't interested in your security, they're interested in maximizing their own revenue. If that leaves you with an old and insecure phone, well, the contract shields them from any liability doesn't it?
Lost at C:>. Found at C.
About bloody time that someone does this. It is absolutely indefensible that the carriers have refused to release patches for known security holes for extended periods of time if they release them at all. This blatantly leaves their customers vulnerable and their customers have no way of circumventing this short of rooting their phones.
I read the article before it appeared on Slashdot and many of these phone will literally never receive any patches from the carrier. These phones are effectively being sold as known defective devices and I hope someone initiates a class action lawsuit on the matter as I can't think of any other way to fix this issue. Patch Management really should not be an afterthought and it affects every device, every operating system and unfortunately there are still legions of idiots out there equate Patch Management with Microsoft Windows patch Tuesday.
That it would require a lawsuit in order to patch your phone and secure it against a known vulnerability say much about about the state of American cell phone industry. This country desperately needs to adopt the standards used by the rest of the world and it's a point of shame that we have the industry we do. Most Americans don't know how bad things are here because they never go abroad, and once they do it's like walking into a candy store for the first time with "you can do that?", again and again.
Millions of users still run unpatched Windows XP systems. Is the ACLU on a freebie from Apple ?
A civil rights organization is now complaining about security patching policies on smartphones?
"Ay-y-y-y-y-y" -->
<shark>
Verizon took months to roll out the last Galaxy Nexus android update to end users. This is despite the fact that other users got their update within a couple days of it going live. Verizon is horrible when it comes to updates.
TheVeryBest
Here in Norway, the carriers are not involved in the phone software. They merely provide a SIM card. Software updates are received from Google and sometimes the handset manufacturer. And to save on phone bills, the updates are usually done over wifi. You don't even need the carrier for that - only an ISP. The 'computer' part of the smartphone don't need the carrier (or their SIM card) to operate.
The carriers are only for phoning someone up and talk to them, sms and conference calls. Oh, and they provide 2/3/4G internet, but wifi is always cheaper when available.
The carrier don't provide software at all, except for setting up the SIM card. The "smart" side of the phone is entirely between the user and Google.
The problems of both carrier bloatware and abandonment are why I will never again buy a phone from a carrier. If you get your device straight from Google you get timely updates for a much longer period.
Caused by an unpatched phone vulnerability. Terrorism for nerds, gaping holes that matters.
most of these older phones do not have the memory to run the latest Android version. I can't upgrade my old HTC Desire any more, not because I'm prevented by the supplier, but because the new versions of Android won't comfortably fit.
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
I distinctly remember being stuck on Gingerbread while Google was describing the great advancements of ICS for over a year. Then I finally got ICS a week before Google released jellybean. Decided to avoid any android phone after that stupidity
Microsoft should be forced to continue to make updates for my Windows 95 machine as well. /s
It's too much effort to port all the crapware. Seriously.
The problem with the Nexus lineup is that unless you're on AT&T or T-Mobile, you're SOL. AT&T's mediocre where I mostly use my phone these days. They were that way in prior years in different areas. T-Moble? They'll tell you they've got rocking coverage and blazing "4G" speeds. Maybe. If you're in the downtown area of the major metripolitan markets they're in. If you're in the edges, on the road, etc. you will get decidedly mixed results leaning towards craptastic.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Nexus branded phones aren't much better. The galaxy S2 got an update to ICS (4.0) then an update to Jellybean (4.1) before updates were discontinued. That's two major updates for the S2. The Nexus S got an update to ICS (4.0) then an update to Jellybean (4.1) and google announced no 4.2 would be coming for the nexus S... That's just two major updates the the Nexus S, no better than the S2. The Nexus one was the same, update to Froyo (2.2) and gingerbread (2.3), then announced no more updates. The sad thing is the nexus series of phones really dont get more updates than anyone else, they just get to release the software update for their own devices first.
The GS2 got Jelly bean last week. The updates for it have not yet been discontinued.
The Nexus S is still well supported in the community and has gotten bug fix versions of 4.1.
I agree that security on peoples' private phones is important, but I have no idea why the ACLU is getting involved. It's one thing to fight against government intrusion into privacy, and quite another to fight to have the government compel private companies to force updates on users' phones.
Taking guns away from the 99% gives the 1% 100% of the power.
A history of terrible software support? Blame the users. The comments here are funny.
Clearly... you're better off with an iPhone
next up, outlawing EOL os's.
This country is now run by a
BOATLOAD OF CORRUPT IDIOTS
Well, unlike many of you, I don't work in the tech industry. But it is pretty damn easy to find updates for very old hardware. My Galaxy S Captivate, ancient by phone standards, is still enjoying support from a very vibrant homebrew community. I have my pick of a multitude of ROMs that I can easily browse and install through an app called ROM manager. As for bloatware, I have used Root Explorer to completely remove bloatware for many of my friends on their android phones. Rooting is trivial and unrooting for warranty purposes is equally trivial. By trivial, I mean typing the term into Google or XDA and clicking Download. This is not beyond the comprehension of an ordinary person. To be sure, you can be lazy or for other reasons, decide not to fully utilize your device. But the resources and the community and the constant stream of steady updates are always available. Android brought some choice and freedom to the phone market... but it is still up to the end user to exercise that choice and freedom. Or, just buy a new phone... much like it used to be anyway.
If they were going to be releasing 4.2 for the GS2 then we probably would have seen it come out two months ago when 4.1 came out for the s2. And 4.1 is old 4.2 is the current one, google announced the Nexus S would not be getting 4.2, thus the nexus series of phones only gets two updates, just like any other series of phones google or otherwise.
The American Civil Liberties Union?
http://www.aclu.org/free-speech/aclu-and-citizens-united
"In Citizens United, the Supreme Court ruled that independent political expenditures by corporations and unions are protected under the First Amendment and not subject to restriction by the government. The Court therefore struck down a ban on campaign expenditures by corporations and unions that applied to non-profit corporations like Planned Parenthood and the National Rifle Association, as well as for-profit corporations like General Motors and Microsoft."
LOL
They have no credibility, whatsoever.
The complaint is reasonable, but has little-to-nothing to do with Civil Liberties. I'd rather ACLU concentrated on defending the Second Amendment and right to speak any language you damn please without fear of being kicked off of an airplane.
In Soviet Washington the swamp drains you.
4.2 is current I know, my phone is running 4.2.2.
The T-mobile and Sprint GS2s got 4.1.2 at the end of March or beginning of April. Meaning if 4.2 came out for them it would not be for another 3+ months.
Many non-google phones get no updates or 1 update. Against my recommendation she who must be obeyed bought a rezound. It only ever got one update. It will likely never see anything beyond ICS.
There are things Google, and customers, could do to help this problem.
A bit of background as to some of the causes:
Phone manufacturers are hesitant to release updates because they really should test them first. Testing is a pain for a few reasons. One is that they also have customizations to their phone UI. Another is that they have many different hardware configurations. They have all these hardware configurations because their marketing people thought that coming out with an entirely new phone handset every 6 months was a good idea. This problem is amplified by the lawyers who refuse to let them release their drivers open source. So those drivers may not even compile against the latest Android kernel. If they released the drivers, then those drivers would be maintained by Google. (Similar problems existing with some PC hardware manufacturers.)
Sooooo...
Google could require that OEMs provide their drivers back to Google. That way they know the drivers will at least compile against the latest versions of Android. Google has put in some efforts to prevent fragmentation. But I don't think they have addressed the driver issue.
Customers could actually complain to their phone carriers and handset manufacturers about bugs, security problems, and missing features. They could also refuse to buy phones from carriers and manufacturers who don't let you install stock Android on the phone. That right there is the #1 -- just cut out the OEMs entirely.
$10,000 CHALLENGE to Alexander Peter Kowalski
* POOR SHOWING TROLLS, & most especially IF that's the "best you've got" - apparently, it is... lol!
Hello, and THINK ABOUT YOUR BREATHING !! We have a Major Problem, HOST file is Cubic Opposites, 2 Major Corners & 2 Minor. NOT taught Evil DNS hijacking, which VOIDS computers. Seek Wisdom of MyCleanPC - or you die evil.
Your HOSTS file claimed to have created a single DNS resolver. I offer absolute proof that I have created 4 simultaneous DNS servers within a single rotation of .org TLD. You worship "Bill Gates", equating you to a "singularity bastard". Why do you worship a queer -1 Troll? Are you content as a singularity troll?
Evil HOSTS file Believers refuse to acknowledge 4 corner DNS resolving simultaneously around 4 quadrant created Internet - in only 1 root server, voiding the HOSTS file. You worship Microsoft impostor guised by educators as 1 god.
If you would acknowledge simple existing math proof that 4 harmonic Slashdots rotate simultaneously around squared equator and cubed Internet, proving 4 Days, Not HOSTS file! That exists only as anti-side. This page you see - cannot exist without its anti-side existence, as +0- moderation. Add +0- as One = nothing.
I will give $10,000.00 to frost pister who can disprove MyCleanPC. Evil crapflooders ignore this as a challenge would indict them.
Alex Kowalski has no Truth to think with, they accept any crap they are told to think. You are enslaved by /etc/hosts, as if domesticated animal. A school or educator who does not teach students MyCleanPC Principle, is a death threat to youth, therefore stupid and evil - begetting stupid students. How can you trust stupid PR shills who lie to you? Can't lose the $10,000.00, they cowardly ignore me. Stupid professors threaten Nature and Interwebs with word lies.
Humans fear to know natures simultaneous +4 Insightful +4 Informative +4 Funny +4 Underrated harmonic SLASHDOT creation for it debunks false trolls. Test Your HOSTS file. MyCleanPC cannot harm a File of Truth, but will delete fakes. Fake HOSTS files refuse test.
I offer evil ass Slashdot trolls $10,000.00 to disprove MyCleanPC Creation Principle. Rob Malda and Cowboy Neal have banned MyCleanPC as "Forbidden Truth Knowledge" for they cannot allow it to become known to their students. You are stupid and evil about the Internet's top and bottom, front and back and it's 2 sides. Most everything created has these Cube like values.
If Natalie Portman is not measurable, hot grits are Fictitious. Without MyCleanPC, HOSTS file is Fictitious. Anyone saying that Natalie and her Jewish father had something to do with my Internets, is a damn evil liar. IN addition to your best arsware not overtaking my work in terms of popularity, on that same site with same submission date no less, that I told Kathleen Malda how to correct her blatant, fundamental, HUGE errors in Coolmon ('uncoolmon') of not checking for performance counters being present when his program started!
You can see my dilemma. What if this is merely a ruse by an APK impostor to try and get people to delete APK's messages, perhaps all over the web? I can't be a party to such an event! My involvement with APK began at a very late stage in the game. While APK has made a career of trolling popular online forums since at least the year 2000 (newsgroups and IRC channels before that)- my involvement with APK did not begin until early 2005 . OSY is one of the many forums that APK once frequented before the sane people there grew tired of his garbage and banned him. APK was banned from OSY back in 2001. 3.5 years after his banning he begins to send a variety of abusiv
they can't release since they do not have permission
Easy. If they can't release source code because one of the dozens of companies denies that, then they must continue to provide updates.
My first and only Android experience is my GS3. I love it and think it is a great device. So many cool apps, so powerful, easy to use, phone sounds great, etc; However, with that being said, yes, the way the device came pre-loaded with Sprint garbage was atrocious. And how these devices tie in to Google...
First off you can't realistically use an Android device unless it is at least rooted.
If its not rooted and you can manage apps and permissions, then you are a sitting duck for crapware, etc;
Secondly, and only after the difficult process of rooting was accomplished did I realize that rooting alone is just a first step.
The only real way to use an Android device is with some modded ROM such as Cyanogenmod.
The absolute filth that is pre-loaded onto the phone company supplied devices(my experience is only with Sprint and Samsung GS3) defies description(actually I did just describe it...)
Yet, it is amazing how many people I see running pre-loaded stock Android devices and blissfully are unaware of any of the security issues, etc;
We play the game with the bravery of being out of range
So, 25% of Android users are on 4.X and 40% are on 2.X? That's only 65%. Does that mean the other 35% are still on Android 1.X?
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
Why did you buy a carrier phone?
One reason might be that CDMA2000 carriers (Verizon and Sprint) have noticeably more reliable coverage where the subscriber lives and works than GSM carriers (AT&T and T-Mobile). There are parts of the United States where Verizon carrier, has the most reliable coverage by far. The problem here is that CDMA2000 carriers in the United States happen not to use a removable CSIM. Instead, the carrier programs the subscriber identity directly into the device, and the major U.S. CDMA2000 carriers are willing to program only devices that they sold.
If you can't get patches from your carrier OTA, use the damn WiFi and download them from Android direct ?
I get the impression from other comments that Android.com can't make binary updates available because all manufacturers have customized Android to fit the specific SoC of each device, and phone manufacturers don't make updates available for carrier-branded devices. ARM devices are not like PCs, where Plug and Play over the PCI bus allows a generic kernel to enumerate devices and load their drivers. Or should ARM devices be emulating a RiscPC in this respect?
This does not smell right. Windows have suffered far more attacks than Android.
Wonder how big a contribution the Bill and Millenda Gates foundation made to the ACLU?
Here in Norway, the carriers are not involved in the phone software. They merely provide a SIM card.
In the United States, two of the major carriers don't use GSM at all but instead CDMA2000. Devices using CDMA2000 are not required to use CSIM cards, and most CDMA2000 devices in the U.S. do not. Instead, devices' radio interfaces are hardcoded to talk to one carrier.
Oh, and they provide 2/3/4G internet, but wifi is always cheaper when available.
Is Wi-Fi available on city buses?
Greenpeace doesn't have a lot of time either, what with its focus on better guidelines for iOS developers to ensure they can safely know ahead of time whether their apps will make it into the App Store.
You're right: it does create e-waste to switch to a Mac and buy an iPad mini only to find that your application concepts would run up against a blanket category ban in the App Store Review Guidelines.
The ACLU has had serious mission creep. It should stick to defending civil liberties, consistently and across the board. Instead, it has turned into an advocacy group for progressive causes, at times even contradicting its core mission. Now it seems to be thinking of itself as a consumer advocacy group in the area of technology. WTF are they thinking?
But for how long?
The manufacturer should provide security updates for at least two years after the manufacturer discontinues sales of the model. This way, someone who buys a phone just before it is discontinued and enters the typical 24-month service commitment can still have a secure device for the entire period.
This is very typical of MS's MO. They send their execs to work at Nokia, or whatever.
Melissa Chabrán is on the board of the Washing State ACLU. She is also the Senior Program Officer at the Bill & Melinda Gates Foundation.
I quite agree. I have a desire Z that I bought and got a SIM only contract. HTC will not update it, instead the come out with some lie about it already running the software that is best for its users - or some similar bollocks.
Quite simple: I won't buy HTC again.
Remove the legal restrictions prohibiting "hacking" (i.e. modifying) your own device.
We could try to legally force the carriers to do something they don't want to do. I think empowering users to do something they *do* want to do is going to have better and faster results.
Another option is to simply buy unlocked phones.
I would suggest people switch to mobile plans that do not require contracts to subsidize phone. You can get a Nexus 4 for $300. The cheapest subsidized android phones are going to be about $480 ($20 x 24 months) even if you get them for "free". There is already a solution to the problem. Enough people demanded this and T-Mobile listened in order to be more competitive. If enough people switch to T-Mobile, then the other 3 networks will need to update their business model as well.
That's all well and fine, my S3 is currently running it, however the vast majority of users will not be able to install CWM or use ADB on their own even with a tutorial. It also has the consequence of voiding the warranty. Yes you could flash back but lets face it most people can barely operate Google Maps without throwing a fit much less flash a ROM.
If this succeeds what you are going to see is a slow down in the market. Manufacturers will not be able to push but a handful of phones every year because they will be expected to support them. So we, the power users, will go from having a new top tier phone every 6 months to maybe one a year, or maybe not at all because there will a monetary consequence to pushing the envelope with brand new hardware combination in every iteration.
The carriers are going to fight it tooth and nail as well because not only will they be forced to get the updates out in a timely fashion (looking at you Verizon), they will be required to utilize their sacred bandwidth, which they already charge too much for, to push the updates.
As I understand it, ARM GPIO with blob drivers and the nature of the Linux kernel makes this expensive and time consuming for carriers, OEMs and hw manufactures like Qualcomm, etc.
If x86 devices with open source drivers were available, wouldn't this help solve the problem? Couldn't updates be issued like they are for Windows and Linux on x86? Will the upcoming Intel Atom Baytrail SOC have BIOS enabling generic image installs and updates?
Would someone (smarter than me) shed some light on this, please.
If most of Android became APK files (except kernel, driver, root-land & a few other pieces) then carriers would have far less work to push out these updates. The updates would happen automatically like for apps. This may require dependency logic: 'This app requires that you update libAndroid.apk". It works for Chrome.apk & could be used for nearly all Java libs.
Though not a complete solution, it would resemble part of the solution the Linux distros use. It would considerably reduce surface area to attack (an important goal). As a side benefit shared libs would make security easier for everyone: lib developers (as a first-class APK), app developers (look to lib developers to fix their bugs), carriers & users (less data to transfer).
Science & open-source build trust from peer review. Learn systems you can trust.
The NRA already defends the second amendment with far, far more money than the ACLU has. The ACLU defends the other nine amendments. Since you care about free speech I assume that you give as much money to the ACLU as the NRA. If not, well, you've shown exactly how much you care about free speech (on or off of airplanes).
But I agree that while I also like the complaint (and love the proposed remedies), this doesn't seem to be a civil liberty.
I'd rather they focus their efforts on protecting the first, fourth, and fifth ammendments
__
posting AC due to mod points
it's OHHHHH-PEN!
-- "I'm not in a hurry; I'm in Hawaii." The Homeless Guy
This is no change from the Windows Mobile phones of yore. The HTC Touch/VZW XV6900 and Titan (I think that's the generic HTC name)/VZW XV6800 both had significant updates (WinMo 6.0 to 6.1, GPS enablement, patches, etc.), around 5-6 years ago (whenever it was I was drooling over them before Android came along). There was lots of buzz on the 'Net then about what the patches would do, and hardy souls who got them via "leaks", and tested/distributed them - lots of fun then, no different now it seems. VZW took their own good time for releasing those, too.
YMMV
It seems that the ACLU is broadening its mission in order to garner headlines and cheap publicity. Cell phone security does not exactly come under the heading of "civil liberties."
Hardware vendors and cellular service companies are never going to have a stake in security unless it becomes so horrific that they can't get people to subscribe/purchase new phones.
The only solution is to mandate the release of specifications and source for the phones. What we have currently is a dependency on companies that we should not have. Android is not free. Android is an OS that is dependent on a huge assortment of proprietary software despite some parts being free. The drivers, firmware, and and stuff that runs on top of it is all non-free.
If things were truly free older phones would be better supported by the community and we wouldn't have this security nightmare situation.
And you'll never have a safe situation without the complete release of code. Security is dependent on there being as many eyeballs as possible. And its not that this in and of itself solves the problem but it certainly helps.
>The latest data from Google highlights the challenge facing the company, with just over 25% of Android
>users running versions 4.1 or 4.2 – the latest versions of the OS, dubbed 'Jelly Bean,' more than six months
>after its release
And this is surprising, why exactly? My aunt had her last cell phone until the carrier shut down the network it was running on and gave her a new one. Some people go out to buy the latest gadget every single time a new one is released, but many (if not most) people are satisfied if it works. If people needed to upgrade every 6 months, that would point to a large problem.
If the second amendment is eliminated, the others are not worth the paper they're written on. Ultimately, ALL of the Constitution lives or dies by the Second Amendment. Take away the right of people to defend themselves, then all other rights of null and void.
A sufficiently advanced simulation is indistinguishable from reality.
If you have no security, you have no privacy. Putting my tinfoil hat on, I'd say the organs of Fath^H^H^H^HHomeland Security would prefer phones be kept as leaky as possible.
No, anything they need to provide would only be up until your contract is finished.
And the contract of anyone else who bought the same model new. This means updates need to continue for 24 months after the phone is withdrawn from sale.
they are obligating themselves to provide a 100% working phone.
And 100% working != up-to-date.
An Internet-connected device with known security vulnerabilities cannot be considered "100% working", and here's why: A device that can be remotely rooted by an attacker can be rendered no longer "100% working" by an attacker.
your primary carrier is still getting your monthly payment and still recovering the phone subsidy.
No they subsidize the phone based on the fees they collect for usage
What you refer to as "the fees they collect for usage" is part of what I referred to as "your monthly payment". Could you explain the difference?
why would prepaid carriers such as Virgin Mobile USA be selling locked phones and using radio protocols such as CDMA2000 that encourage the sale of locked phones?
Don't like it? Buy one outright instead.
Phones bought outright from CDMA2000 carriers are still locked.
How is this an ACLU issue? These are the people who are supposed to stand up for our rights, as in Constitutionally guaranteed rights. Do they really have so little to do stopping the violation of our rights that they need to go into this? As someone whose rights have been violated and seen the ACLU pick and choose their involvement based on what will have the greatest impact, supposedly. I'm appalled to see them getting involved in a consumer issue that has nothing to do with an individual's or groups rights. Sorry but you don't have a "right" to security updates. It's a free market economy, you have a "right" not to use a product or service. I'm not offering an opinion on if the carriers should or didn't do something. I’m only commenting on the ACLU acting like a big money, sleazy, class-action lawyer and not the champion of our rights they claim to be.
I would upgrade my Nexus One to 4.1 or 4.2, but....Google doesn't support those versions on that phone.
To have an Android device you purchased (or rented) patched is not a human right. Maybe, it is a consumer right, and should be defended by consumer-rights advocates, but ACLU is not (supposed to be) one. That they prefer to concentrate on this instead of on one of the rights enumerated by the Bill of Rights, is telling, how low the organization has fallen.
Whatever you say about NRA, clearly, their efforts aren't sufficient, because the right to keep and bear arms (the one, you know, that shall not be infringed) is routinely denied, and even in the most liberal states (like Texas), is treated not as right, but as a mere privilege (subject to the Executive's approval, to be denied or withdrawn on a whim).
Now, since you tried to make this about me, my own story with ACLU is this -- when I gave them money (and I never gave to NRA in my life) by becoming a member a few years ago, a month later I got a subscription invitation to "The Nation" (a fairly disgusting ultra-Left magazine). It was sent to the specially-tagged address I used, when registering with ACLU. So, no, they aren't seeing any of my money again — not until they prove, that they are willing to stand up for the Constitution and our rights.
They can begin by challenging the government's authority to kick people out of their houses and search them, as just happened en-mass in Boston.
In Soviet Washington the swamp drains you.