Slashdot Mirror
ACLU Asks FTC To Force Carriers To 'Patch Or Replace' Android Devices
chicksdaddy writes "The American Civil Liberties Union filed a complaint with the U.S. Federal Trade Commission on Wednesday calling on the federal government to take action to stem an epidemic of unpatched and insecure Android mobile devices – declaring the sea of unpatched and vulnerable phones and tablets 'defective and unreasonably dangerous.' The civil liberties group's complaint for injunctive relief with the FTC (PDF), notes that 'major wireless carriers have sold millions of Android smartphones to consumers' but that 'the vast majority of these devices rarely receive software security updates.' The ACLU says carriers leave their customers vulnerable to malware and spear phishing attacks that can be used to record or transmit information on the device to' third parties. 'A significant number of consumers are using smartphones running a version of the Android operating system with known, exploitable security vulnerabilities for which fixes have been published by Google, but have not been distributed to consumers' smartphones by the wireless carriers and their handset manufacturer partners,' the ACLU said. Android devices now account for close to 70 percent of new mobile devices sold. The porous security of many of those devices has become a topic of concern. The latest data from Google highlights the challenge facing the company, with just over 25% of Android users running versions 4.1 or 4.2 – the latest versions of the OS, dubbed 'Jelly Bean,' more than six months after its release. In contrast, 40% of Android users are still running the 'Gingerbread' release – versions 2.3.3 through 2.3.7, a two year-old version of the operating system that has known security vulnerabilities."
I think this shows one of the greatest flaws in the not owning your hardware debate. What happens when you the company that owns it simply gives up on support??? You're left holding the bag but can't change it's content.
your average user exposes themselves to more risk than if they use WinXP. At least the patches are available if they choose to install them.
Android: a shameful security risk
Install Cyanogenmod. Maybe not for the vast majority of users.
why did Google discontinue bug fixes on 2.3.x? Please explain the contorted logic to link phone firmware levels to Civil Liberties.
The google branded devices are going to be the up to date ones. The other brands and especially the carrier specific devices are what is out of date.
Customer education is needed. Many of theses devices have upgrades available. Those that don't may not be able to run the newer versions satisfactorily. If a law like this is passed, I see carriers and makers having to shoehorn updates that don't fit and run terribly onto consumer devices that are years out of date.
Carriers and handset makers need to educate customers in order for the customer to protect themselves. The customers themselves need to take responsibility for their device and its security. Carriers' and makers' security history should affect their reputation.
Colin Dean Go a year without DRM
Dude, you really need to get your Lithium prescription refilled!
I think you missed the point. Google has published the patches but the carriers have not distributed them.
What part of "carrier" made you think that a post about Google was relevant here?
'A significant number of consumers are using smartphones running a version of the Android operating system with known, exploitable security vulnerabilities for which fixes have been published by Google, but have not been distributed to consumers'
Highlighted the important part from TFS. Google's released patches. Carriers are refusing to give them to their customers. There's nothing Google can do about that. Hence why the ACLU is lobbying the FTC to force the carriers into action.
"Always forgive your enemies; nothing annoys them so much." - Oscar Wilde
Much of the trouble is that the carriers load the phones with worthless bloatware, and block the user's ability to remove it. There's then not enough free space to install updates.
However, I wouldn't know exactly what the practical terms of such regulation could be. They certainly can't force manufacturers to support obsolete hardware forever. Perhaps they could prescribe a minimum timespan of guaranteed security fixes.
A couple of months ago my carrier was offering me a new phone.
In the set of phones they were offering me, there were some Samsung models running Android 2.x, and an HTC model running 4.x. The Samsung had better specs, but since it was running such an old version of the OS I decided I'd rather have the HTC.
Of course the big problem is that carriers all put on their own shit to make as much money from you as possible. Selling ringtones, wallpapers, their own app stores, all sorts of crap. They don't want to have to re-certify their apps for new versions, so they're not interested in getting these updates rolled out to customers. In fact, I've heard that many of them actively prevent it.
It took me several days of disabling/uninstalling the crap my carrier had installed to make the phone mostly usable, because they literally try to inject their branding/cash grabs into as much as they can do. I'm not sure I've gotten it all, but there was an awful lot of extra crap that needed to be culled.
Carriers aren't interested in your security, they're interested in maximizing their own revenue. If that leaves you with an old and insecure phone, well, the contract shields them from any liability doesn't it?
Lost at C:>. Found at C.
About bloody time that someone does this. It is absolutely indefensible that the carriers have refused to release patches for known security holes for extended periods of time if they release them at all. This blatantly leaves their customers vulnerable and their customers have no way of circumventing this short of rooting their phones.
I read the article before it appeared on Slashdot and many of these phone will literally never receive any patches from the carrier. These phones are effectively being sold as known defective devices and I hope someone initiates a class action lawsuit on the matter as I can't think of any other way to fix this issue. Patch Management really should not be an afterthought and it affects every device, every operating system and unfortunately there are still legions of idiots out there equate Patch Management with Microsoft Windows patch Tuesday.
That it would require a lawsuit in order to patch your phone and secure it against a known vulnerability say much about about the state of American cell phone industry. This country desperately needs to adopt the standards used by the rest of the world and it's a point of shame that we have the industry we do. Most Americans don't know how bad things are here because they never go abroad, and once they do it's like walking into a candy store for the first time with "you can do that?", again and again.
The difference is MS makes patches available.
Now for the people still running Windows 2000, not so much.
Verizon took months to roll out the last Galaxy Nexus android update to end users. This is despite the fact that other users got their update within a couple days of it going live. Verizon is horrible when it comes to updates.
TheVeryBest
Here in Norway, the carriers are not involved in the phone software. They merely provide a SIM card. Software updates are received from Google and sometimes the handset manufacturer. And to save on phone bills, the updates are usually done over wifi. You don't even need the carrier for that - only an ISP. The 'computer' part of the smartphone don't need the carrier (or their SIM card) to operate.
The carriers are only for phoning someone up and talk to them, sms and conference calls. Oh, and they provide 2/3/4G internet, but wifi is always cheaper when available.
The carrier don't provide software at all, except for setting up the SIM card. The "smart" side of the phone is entirely between the user and Google.
The problems of both carrier bloatware and abandonment are why I will never again buy a phone from a carrier. If you get your device straight from Google you get timely updates for a much longer period.
This is one of the reasons I recommend Google phones to my friends who like Android.
most of these older phones do not have the memory to run the latest Android version. I can't upgrade my old HTC Desire any more, not because I'm prevented by the supplier, but because the new versions of Android won't comfortably fit.
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
No, the difference is that no one is blocking anyone from getting the XP updates that Microsoft releases. This isn't about Google no longer supplying updates to old Android versions, it's about carriers blocking users from getting updates.
So why not let users update the SW themselves over the internet?
Have it make a notice for users to update next time they are on a wifi network, or connected to a computer.
Carriers don't want to not because it'll cost them money, but because it wont sell any more decides so what do they care?
It's too much effort to port all the crapware. Seriously.
The problem with the Nexus lineup is that unless you're on AT&T or T-Mobile, you're SOL. AT&T's mediocre where I mostly use my phone these days. They were that way in prior years in different areas. T-Moble? They'll tell you they've got rocking coverage and blazing "4G" speeds. Maybe. If you're in the downtown area of the major metripolitan markets they're in. If you're in the edges, on the road, etc. you will get decidedly mixed results leaning towards craptastic.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Because someone still has to port the update to the phone. This is because many devices are not running stock android. If the kernel changes or the issue is with a driver then you are looking at a whole ball of wax.
The issue here is that ARM has nothing like PCI, and has traditionally not had to worry about this sort of thing. This means bootloaders and everything else can and are different across devices.
Carriers don't want to pay for updates because they want you to buy another device.
Oh really? Because I have a Nexus One here which would disagree (if it were able to go long enough without crashing to do so). Running 2.3.6 and it will forevermore report itself as "up to date," because google decided the phone was too old to receive updates after less than 2 years.
the most powerful intellect is that unbounded by indubitable preconception
The carriers want you to agree to a new phone/contract, not keep using your current phone. Preventing your current phone from running apps that require Android 4.x by preventing you from upgrading to 4.x is a great (great as in "heads I win, tails you lose", "you" as in "you've never heard of Slashdot") way of motivating you to get a new phone and a new contract.
Nexus branded phones aren't much better. The galaxy S2 got an update to ICS (4.0) then an update to Jellybean (4.1) before updates were discontinued. That's two major updates for the S2. The Nexus S got an update to ICS (4.0) then an update to Jellybean (4.1) and google announced no 4.2 would be coming for the nexus S... That's just two major updates the the Nexus S, no better than the S2. The Nexus one was the same, update to Froyo (2.2) and gingerbread (2.3), then announced no more updates. The sad thing is the nexus series of phones really dont get more updates than anyone else, they just get to release the software update for their own devices first.
The GS2 got Jelly bean last week. The updates for it have not yet been discontinued.
The Nexus S is still well supported in the community and has gotten bug fix versions of 4.1.
I agree that security on peoples' private phones is important, but I have no idea why the ACLU is getting involved. It's one thing to fight against government intrusion into privacy, and quite another to fight to have the government compel private companies to force updates on users' phones.
Taking guns away from the 99% gives the 1% 100% of the power.
The Nexus one is ancient.
The Nexus line gets updates quickly, not for a longer period of time.
You could easily find community Roms for it if you wanted.
A history of terrible software support? Blame the users. The comments here are funny.
I have a Nexus One as well.
I don't really mind not getting an update to ICS or Jelly Bean. I DO mind not getting bug fixes.
So why not let users update the SW themselves over the internet?
Have it make a notice for users to update next time they are on a wifi network, or connected to a computer.
Carriers don't want to not because it'll cost them money, but because it wont sell any more decides so what do they care?
If anything, maybe force the carriers & phone manufacturer to release all the source code for the device they stop updating. Let the community take over if they wish. This is the only reason ROMS for rooted users have bugs. The devs have to guess how various things like the radios work.
Nice idea, but impractical due to all the proprietary HW in the phone; they can't release since they do not have permission. You'd need dozens of companies to grant permission for that.
Google branded devices are also not that popular. Android is more of a Samsung thing.
Remember the riots that took place because people running Gingerbread were arbitrarily deemed to be using devices too slow to handle the demands of Ice Cream Sandwich?
I love when they use the "your device is too slow" excuse while hundreds if not thousands of rooted people are running versions of Android 1/2 major versions ahead without any problem. I remember putting 4.1 on my HTC Thunderbolt and having it runs leaps and bounds faster than the bloated 2.3.4 that it was on.
I sometimes wonder if they tweak the Android system to run slower just so people will go out and buy a new phone.
Did you hear the new iPhone 5 is out! It's.... taller?
Just because Google isn't actively providing updates it doesn't mean you can't still install them. If your phone has a locked bootloader that isn't the case.
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
In other words, just like the GP said, Google said go fuck yourself after 1.5 years.
Yeah, that's SO much better than the carriers.
Well, unlike many of you, I don't work in the tech industry. But it is pretty damn easy to find updates for very old hardware. My Galaxy S Captivate, ancient by phone standards, is still enjoying support from a very vibrant homebrew community. I have my pick of a multitude of ROMs that I can easily browse and install through an app called ROM manager. As for bloatware, I have used Root Explorer to completely remove bloatware for many of my friends on their android phones. Rooting is trivial and unrooting for warranty purposes is equally trivial. By trivial, I mean typing the term into Google or XDA and clicking Download. This is not beyond the comprehension of an ordinary person. To be sure, you can be lazy or for other reasons, decide not to fully utilize your device. But the resources and the community and the constant stream of steady updates are always available. Android brought some choice and freedom to the phone market... but it is still up to the end user to exercise that choice and freedom. Or, just buy a new phone... much like it used to be anyway.
If they were going to be releasing 4.2 for the GS2 then we probably would have seen it come out two months ago when 4.1 came out for the s2. And 4.1 is old 4.2 is the current one, google announced the Nexus S would not be getting 4.2, thus the nexus series of phones only gets two updates, just like any other series of phones google or otherwise.
The American Civil Liberties Union?
http://www.aclu.org/free-speech/aclu-and-citizens-united
"In Citizens United, the Supreme Court ruled that independent political expenditures by corporations and unions are protected under the First Amendment and not subject to restriction by the government. The Court therefore struck down a ban on campaign expenditures by corporations and unions that applied to non-profit corporations like Planned Parenthood and the National Rifle Association, as well as for-profit corporations like General Motors and Microsoft."
LOL
They have no credibility, whatsoever.
The complaint is reasonable, but has little-to-nothing to do with Civil Liberties. I'd rather ACLU concentrated on defending the Second Amendment and right to speak any language you damn please without fear of being kicked off of an airplane.
In Soviet Washington the swamp drains you.
4.2 is current I know, my phone is running 4.2.2.
The T-mobile and Sprint GS2s got 4.1.2 at the end of March or beginning of April. Meaning if 4.2 came out for them it would not be for another 3+ months.
Many non-google phones get no updates or 1 update. Against my recommendation she who must be obeyed bought a rezound. It only ever got one update. It will likely never see anything beyond ICS.
There are things Google, and customers, could do to help this problem.
A bit of background as to some of the causes:
Phone manufacturers are hesitant to release updates because they really should test them first. Testing is a pain for a few reasons. One is that they also have customizations to their phone UI. Another is that they have many different hardware configurations. They have all these hardware configurations because their marketing people thought that coming out with an entirely new phone handset every 6 months was a good idea. This problem is amplified by the lawyers who refuse to let them release their drivers open source. So those drivers may not even compile against the latest Android kernel. If they released the drivers, then those drivers would be maintained by Google. (Similar problems existing with some PC hardware manufacturers.)
Sooooo...
Google could require that OEMs provide their drivers back to Google. That way they know the drivers will at least compile against the latest versions of Android. Google has put in some efforts to prevent fragmentation. But I don't think they have addressed the driver issue.
Customers could actually complain to their phone carriers and handset manufacturers about bugs, security problems, and missing features. They could also refuse to buy phones from carriers and manufacturers who don't let you install stock Android on the phone. That right there is the #1 -- just cut out the OEMs entirely.
I don't use Android phones, but different phones use different specially modified versions of Android. It's not like every version of Android is exactly the same.
You can't just go get a random version of Android and run it on any specific phone.
If you can't get patches from your carrier OTA, use the damn WiFi and download them from Android direct ?
Well, to paraphrase the news monster...
Android updates do not work that way!
GOODNIGHT!
An enigma, wrapped in a riddle, shrouded in bacon and cheese
they can't release since they do not have permission
Easy. If they can't release source code because one of the dozens of companies denies that, then they must continue to provide updates.
Microsoft should be forced to continue to make updates for my Windows 95 machine as well. /s
Right; and AT&T should be forced to continue making updates for System V.
Gawd, but are you an obtuse fucking moron...
An enigma, wrapped in a riddle, shrouded in bacon and cheese
My first and only Android experience is my GS3. I love it and think it is a great device. So many cool apps, so powerful, easy to use, phone sounds great, etc; However, with that being said, yes, the way the device came pre-loaded with Sprint garbage was atrocious. And how these devices tie in to Google...
First off you can't realistically use an Android device unless it is at least rooted.
If its not rooted and you can manage apps and permissions, then you are a sitting duck for crapware, etc;
Secondly, and only after the difficult process of rooting was accomplished did I realize that rooting alone is just a first step.
The only real way to use an Android device is with some modded ROM such as Cyanogenmod.
The absolute filth that is pre-loaded onto the phone company supplied devices(my experience is only with Sprint and Samsung GS3) defies description(actually I did just describe it...)
Yet, it is amazing how many people I see running pre-loaded stock Android devices and blissfully are unaware of any of the security issues, etc;
We play the game with the bravery of being out of range
So, 25% of Android users are on 4.X and 40% are on 2.X? That's only 65%. Does that mean the other 35% are still on Android 1.X?
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
Why did you buy a carrier phone?
One reason might be that CDMA2000 carriers (Verizon and Sprint) have noticeably more reliable coverage where the subscriber lives and works than GSM carriers (AT&T and T-Mobile). There are parts of the United States where Verizon carrier, has the most reliable coverage by far. The problem here is that CDMA2000 carriers in the United States happen not to use a removable CSIM. Instead, the carrier programs the subscriber identity directly into the device, and the major U.S. CDMA2000 carriers are willing to program only devices that they sold.
If you can't get patches from your carrier OTA, use the damn WiFi and download them from Android direct ?
I get the impression from other comments that Android.com can't make binary updates available because all manufacturers have customized Android to fit the specific SoC of each device, and phone manufacturers don't make updates available for carrier-branded devices. ARM devices are not like PCs, where Plug and Play over the PCI bus allows a generic kernel to enumerate devices and load their drivers. Or should ARM devices be emulating a RiscPC in this respect?
This does not smell right. Windows have suffered far more attacks than Android.
Wonder how big a contribution the Bill and Millenda Gates foundation made to the ACLU?
Here in Norway, the carriers are not involved in the phone software. They merely provide a SIM card.
In the United States, two of the major carriers don't use GSM at all but instead CDMA2000. Devices using CDMA2000 are not required to use CSIM cards, and most CDMA2000 devices in the U.S. do not. Instead, devices' radio interfaces are hardcoded to talk to one carrier.
Oh, and they provide 2/3/4G internet, but wifi is always cheaper when available.
Is Wi-Fi available on city buses?
Greenpeace doesn't have a lot of time either, what with its focus on better guidelines for iOS developers to ensure they can safely know ahead of time whether their apps will make it into the App Store.
You're right: it does create e-waste to switch to a Mac and buy an iPad mini only to find that your application concepts would run up against a blanket category ban in the App Store Review Guidelines.
The ACLU has had serious mission creep. It should stick to defending civil liberties, consistently and across the board. Instead, it has turned into an advocacy group for progressive causes, at times even contradicting its core mission. Now it seems to be thinking of itself as a consumer advocacy group in the area of technology. WTF are they thinking?
But for how long?
The manufacturer should provide security updates for at least two years after the manufacturer discontinues sales of the model. This way, someone who buys a phone just before it is discontinued and enters the typical 24-month service commitment can still have a secure device for the entire period.
I believe their (unofficial) corporate motto is "Don't be evil", not "Be good". You are suggesting that it is Google's job to restrict the freedoms of others so that they can be a corporate policeman and enforce their idea of what level of support a company should offer. And, I am assuming that you would want them to then sue said company if they violated the license terms by not updating the OS on their customer's phone. While you may think this is "good", it sounds a little big-brothery and controlling and a little like how patent trolls operate. Which would seem closer to "evil" to me than what they are currently doing.
This is very typical of MS's MO. They send their execs to work at Nokia, or whatever.
Melissa Chabrán is on the board of the Washing State ACLU. She is also the Senior Program Officer at the Bill & Melinda Gates Foundation.
You must have an interesting definition for the word "popular".
I quite agree. I have a desire Z that I bought and got a SIM only contract. HTC will not update it, instead the come out with some lie about it already running the software that is best for its users - or some similar bollocks.
Quite simple: I won't buy HTC again.
Remove the legal restrictions prohibiting "hacking" (i.e. modifying) your own device.
We could try to legally force the carriers to do something they don't want to do. I think empowering users to do something they *do* want to do is going to have better and faster results.
Another option is to simply buy unlocked phones.
I would suggest people switch to mobile plans that do not require contracts to subsidize phone. You can get a Nexus 4 for $300. The cheapest subsidized android phones are going to be about $480 ($20 x 24 months) even if you get them for "free". There is already a solution to the problem. Enough people demanded this and T-Mobile listened in order to be more competitive. If enough people switch to T-Mobile, then the other 3 networks will need to update their business model as well.
Ya your Nexus One is ancient, it's.... what? You say the 4 year old iPhone 3GS runs the latest iOS 6.1? Oh.... umm idk then, i guess buy apple next time
my karma will be here long after I'm gone
I'm not sure what planet you're on but samsung by far sells the most android phones. 42% of android phones are samsung phones globally and in the US the percentage is even higher. I believe the next highest percentage was something like 12% with the rest in single digits. The Nexus 4 isn't even a real contender amongst Android phones.
That's all well and fine, my S3 is currently running it, however the vast majority of users will not be able to install CWM or use ADB on their own even with a tutorial. It also has the consequence of voiding the warranty. Yes you could flash back but lets face it most people can barely operate Google Maps without throwing a fit much less flash a ROM.
If this succeeds what you are going to see is a slow down in the market. Manufacturers will not be able to push but a handful of phones every year because they will be expected to support them. So we, the power users, will go from having a new top tier phone every 6 months to maybe one a year, or maybe not at all because there will a monetary consequence to pushing the envelope with brand new hardware combination in every iteration.
The carriers are going to fight it tooth and nail as well because not only will they be forced to get the updates out in a timely fashion (looking at you Verizon), they will be required to utilize their sacred bandwidth, which they already charge too much for, to push the updates.
If most of Android became APK files (except kernel, driver, root-land & a few other pieces) then carriers would have far less work to push out these updates. The updates would happen automatically like for apps. This may require dependency logic: 'This app requires that you update libAndroid.apk". It works for Chrome.apk & could be used for nearly all Java libs.
Though not a complete solution, it would resemble part of the solution the Linux distros use. It would considerably reduce surface area to attack (an important goal). As a side benefit shared libs would make security easier for everyone: lib developers (as a first-class APK), app developers (look to lib developers to fix their bugs), carriers & users (less data to transfer).
Science & open-source build trust from peer review. Learn systems you can trust.
If you come at it from the "Don't be evil" side for consumers, then I win: Google should license only phone vendors that promise to update their phones automatically for 5 years.
The NRA already defends the second amendment with far, far more money than the ACLU has. The ACLU defends the other nine amendments. Since you care about free speech I assume that you give as much money to the ACLU as the NRA. If not, well, you've shown exactly how much you care about free speech (on or off of airplanes).
But I agree that while I also like the complaint (and love the proposed remedies), this doesn't seem to be a civil liberty.
The statements "Google branded phones are popular" and "Samsung phones are popular" are not mutually exclusive. Afterall 2 out of 4 google phones were Samsung.
Also samsung (along with other manufacturers) makes a lot of different phones. It is possible for a phone to have a relatively high market share even if the company that makes it does not.
Apple: 36.3%
Samsung: 21%
HTC: 10.2%
Motorola: 9.1%
LG: 7.1%
Furthermore, I don't think the takeaway from this chart is that Samsung is the clear winner and HTC, Motorola, and LG are losers. If that were the case then it would be just as easy to claim everyone except Apple was a loser.
To me that looks like nobody clearly dominates the market.
I wonder how old is the iPhone 3GS, because, afaik, it's still getting OS updates and patches. Heh.
So, you are really trying to say that Google is an EVIL corporation because they do not police other corporations and FORCE them to be good companies? I am starting to believe that you are just trolling. You have a very broad view of evil. What does this make the phone vendors? Extra-strength Evil? Super Evil? Mega-Evil? It would also be nice if Google would bring about world peace, but I don't think that they are Evil because they haven't done it.
I find it interesting that because a company publicly says that they are going to try not to be "Evil", people come out and say that everything that they do that is not exactly what the person wants them to do falls into the "Evil" category. Discontinuing Google Reader -> Evil. Targeted Ads -> Evil. Tracking your behavior (but not selling it to anyone or allowing anyone to see your personally identifiable information) -> Evil. Google has not forced anyone to do anything. If you don't want them to know what you do, then just disable your cookies. Where companies start to be "evil" in my book is when they start pushing around consumers because they can. Because they have a monopoly or have you locked in so they know that you can't vote with your money. From everything I have seen, Google is a good company that tries to make their consumers (the average joe) happy, even though their real customers are the companies they sell ads to. If you want to be a hater, then I can't stop you. But know that you are hating only because you want them to fail, because you believe that people cannot succeed at being good so when someone tries to do it you look for anything that can prove that they aren't, and ignore anything that shows that they are.
You would also need enough hardware specifications to create/update drivers.
true. cyanogen was great on my triumph except for the camera (it would click periodically as the autofocus just cycled back and forth; occasionally you'd get lucky, so i just took ten pictures instead of one and pick the best) and the hdmi. both were reverse-engineered as best as possible, which in the case of hdmi was not at all.
of course the triumph was still a piece of shit overall; i bought a nexus 4. it works well for now.
still don't see how this something the aclu should be doing.
"They were pure niggers." – Noam Chomsky
The OS 6.1 for 3GS with striped features is about as "updated" as Android 2.3.6.
Except for security updates, presumably.
it's OHHHHH-PEN!
-- "I'm not in a hurry; I'm in Hawaii." The Homeless Guy
From what I see of success it is spelled "Vertically Integrated" in mass market electronics and now with Google getting more adept and buying a "SIRI competitor" I am looking at Google getting its act together and making its own hardware and becoming more like Apple.
If Google does that and controls the updates for their customers like Apple does and possibly changes the Android license to HTC, et al, then I would count Google as being more consumer friendly and good.
It seems that the ACLU is broadening its mission in order to garner headlines and cheap publicity. Cell phone security does not exactly come under the heading of "civil liberties."
Presumably,
Why are there some people that are always advocating that the government should FORCE others to do this or that, when it only benefits a very small segment of the population but has absolutely zero benefit for the public? One reason Apple devices are selling well, is because people know that Apple supports their products for a reasonable time, without being forced to do so by another useless government edict. Would it cost the world for a company like Samsung to put up a website, where people could download new versions and bug patches of the software that runs their devices? If you are contemplating buying a certain device from a certain manufacturer, find out how and for how long they support their gadget.
A sufficiently advanced simulation is indistinguishable from reality.
You want to do a run-down of features from the latest iOS that aren't available on the special version for the 3GS?
- Michael T. Babcock (Yes, I blog)
Because in some cases those patches aren't immediately compatible with the phone hardware or the "special" changes that carrier or phone hardware OEM has made to Android.
- Michael T. Babcock (Yes, I blog)
All security patches, which is the entire point of this discussion. So what do you want to pull out of your ass now fanboy?
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
I think you missed the point. Google has published the patches but the carriers have not distributed them.
Actually, may be they have. In the sources the ACLU is using for its FTC complaint, the most thorough and well researched article they're using to support their point, is purposefully not counting minor updates:
(Note that we define "update" as a major point release of Android—2.2 Froyo, 2.3 Gingerbread, 4.0 Ice Cream Sandwich. More minor updates or firmware releases are not accounted for here.)
Now I understand Android users getting pissed off for not getting major updates, but if we're really talking about "security updates", minor versions should at least be counted. Gingerbread for instance is not going away anytime soon. All manufacturers for instance are still making the cheaper single processor Gingerbread phones, and they currently have no plans of ever stopping that (at least not for the lower end of the market). Does that mean that Gingerbread is insecure? Not in the least, Google is still making minor security updates for Gingerbread and will probably continue to do so for years to come.
And ACLU's Christopher Soghian, author/first signature of the two on the formal ACLU complaint, is quoting a Washington Post article which is only quoting himself, ACLU's Christopher Soghian, as the sole source. WTF? Why did he even feel the need to reference that article? Is his ego more important than the point he is trying to support?
Also, I can no longer find the reference, but the last time his name came up, someone on slashdot found his linkedin profile in which he immediately described himself as being an iPhone owner. And yes, I realize the irony of quoting a source I can no longer find, when I just complained about someone referencing an article in support of his point quoting himself as the sole source.
But assuming I'm telling the truth, or assuming you remember seeing what I saw, who would do that on their linkedin profile? Does he post that on his resume as well? I can think of more subtle ways to communicate one's membership in the iPhone owners club. And if anyone was coming to the rescue of Android users, I would prefer that person to be an Android user/owner himself (after all, there are so many), instead of a person who proudly wears his iPhone as some kind of badge of honor instead (again, that's assuming you think I'm even telling the truth about what I read from his linkedin profile, you may not even believe me of course).
Why is it that carriers are not able to block iOS devices? Why can't Android manufacturers build their devices so that they can be updated from an Internet connection that is independent of any carrier?
A sufficiently advanced simulation is indistinguishable from reality.
Why is a phone manufacturer not able to provide updates for THEIR particular flavor of Android? Apple seems to be able to do that for the iPhones.
A sufficiently advanced simulation is indistinguishable from reality.
Not getting updates from the manufacturer for any particular model of a product is a good reason not to buy such a product. If Apple can update their iPhones without carrier interference, why can't Android manufacturers update their particular phones the same way?
A sufficiently advanced simulation is indistinguishable from reality.
It's better not because they support the device for longer, but because you get the updates sooner after they're released. Typically the first phones to get updated to the latest, greatest Android version are the Google reference models.
It's hard to provide certain features when the hardware doesn't exist in the older versions of the phone.
"The problem with socialism is eventually you run out of other people's money" - Thatcher.
If the second amendment is eliminated, the others are not worth the paper they're written on. Ultimately, ALL of the Constitution lives or dies by the Second Amendment. Take away the right of people to defend themselves, then all other rights of null and void.
A sufficiently advanced simulation is indistinguishable from reality.
Google has published the patches but the carriers have not distributed them.
URL or it didn't happen. Google does not announce Android security updates on their official mailing list nor anywhere else. They don't publicly document the vulnerabilities they fixed with a new point release nor do they reserve CVE numbers for these. Not even speaking of publishing patches for individual vulnerabilities.
OS Reviews: Free and Open Source Software
Great! One more thing you have to research before buying a device. A guaranteed minimum standard is in everyone's best interest, you're blind adherence to ideology seems to obscure that simple truth from you.
If you think someone isn't free to have a different definition of "freedom" you may be a tyrant.
If you have no security, you have no privacy. Putting my tinfoil hat on, I'd say the organs of Fath^H^H^H^HHomeland Security would prefer phones be kept as leaky as possible.
No, anything they need to provide would only be up until your contract is finished.
And the contract of anyone else who bought the same model new. This means updates need to continue for 24 months after the phone is withdrawn from sale.
they are obligating themselves to provide a 100% working phone.
And 100% working != up-to-date.
An Internet-connected device with known security vulnerabilities cannot be considered "100% working", and here's why: A device that can be remotely rooted by an attacker can be rendered no longer "100% working" by an attacker.
Or so you say,
your primary carrier is still getting your monthly payment and still recovering the phone subsidy.
No they subsidize the phone based on the fees they collect for usage
What you refer to as "the fees they collect for usage" is part of what I referred to as "your monthly payment". Could you explain the difference?
why would prepaid carriers such as Virgin Mobile USA be selling locked phones and using radio protocols such as CDMA2000 that encourage the sale of locked phones?
Don't like it? Buy one outright instead.
Phones bought outright from CDMA2000 carriers are still locked.
You don't have to research anything, just buy your phone from a reputable company, like Apple or Samsung. The only regulation needed is already in place for landline phones. The phone company has to accept anybody's phone, provided it will work properly with their wired network. Why should this be different with cell phones? That's the way it works in Europe and most other countries in this world. Any manufacturer that doesn't support the products will soon be out of business.
A sufficiently advanced simulation is indistinguishable from reality.
So you're in favour of regulation now? Bravo, job done.
If you think someone isn't free to have a different definition of "freedom" you may be a tyrant.
How is this an ACLU issue? These are the people who are supposed to stand up for our rights, as in Constitutionally guaranteed rights. Do they really have so little to do stopping the violation of our rights that they need to go into this? As someone whose rights have been violated and seen the ACLU pick and choose their involvement based on what will have the greatest impact, supposedly. I'm appalled to see them getting involved in a consumer issue that has nothing to do with an individual's or groups rights. Sorry but you don't have a "right" to security updates. It's a free market economy, you have a "right" not to use a product or service. I'm not offering an opinion on if the carriers should or didn't do something. I’m only commenting on the ACLU acting like a big money, sleazy, class-action lawyer and not the champion of our rights they claim to be.
I never said I was against regulation, but we don't need any new laws. What's the difference between a cell phone company and a landline company? One uses wires and one doesn't, but other than that? Use the same rules that apply to wired phones.
A sufficiently advanced simulation is indistinguishable from reality.
Don't you think there a few differences between wired and wireless phones?
If you think someone isn't free to have a different definition of "freedom" you may be a tyrant.
To have an Android device you purchased (or rented) patched is not a human right. Maybe, it is a consumer right, and should be defended by consumer-rights advocates, but ACLU is not (supposed to be) one. That they prefer to concentrate on this instead of on one of the rights enumerated by the Bill of Rights, is telling, how low the organization has fallen.
Whatever you say about NRA, clearly, their efforts aren't sufficient, because the right to keep and bear arms (the one, you know, that shall not be infringed) is routinely denied, and even in the most liberal states (like Texas), is treated not as right, but as a mere privilege (subject to the Executive's approval, to be denied or withdrawn on a whim).
Now, since you tried to make this about me, my own story with ACLU is this -- when I gave them money (and I never gave to NRA in my life) by becoming a member a few years ago, a month later I got a subscription invitation to "The Nation" (a fairly disgusting ultra-Left magazine). It was sent to the specially-tagged address I used, when registering with ACLU. So, no, they aren't seeing any of my money again — not until they prove, that they are willing to stand up for the Constitution and our rights.
They can begin by challenging the government's authority to kick people out of their houses and search them, as just happened en-mass in Boston.
In Soviet Washington the swamp drains you.