ACLU Asks FTC To Force Carriers To 'Patch Or Replace' Android Devices

chicksdaddy writes "The American Civil Liberties Union filed a complaint with the U.S. Federal Trade Commission on Wednesday calling on the federal government to take action to stem an epidemic of unpatched and insecure Android mobile devices – declaring the sea of unpatched and vulnerable phones and tablets 'defective and unreasonably dangerous.' The civil liberties group's complaint for injunctive relief with the FTC (PDF), notes that 'major wireless carriers have sold millions of Android smartphones to consumers' but that 'the vast majority of these devices rarely receive software security updates.' The ACLU says carriers leave their customers vulnerable to malware and spear phishing attacks that can be used to record or transmit information on the device to' third parties. 'A significant number of consumers are using smartphones running a version of the Android operating system with known, exploitable security vulnerabilities for which fixes have been published by Google, but have not been distributed to consumers' smartphones by the wireless carriers and their handset manufacturer partners,' the ACLU said. Android devices now account for close to 70 percent of new mobile devices sold. The porous security of many of those devices has become a topic of concern. The latest data from Google highlights the challenge facing the company, with just over 25% of Android users running versions 4.1 or 4.2 – the latest versions of the OS, dubbed 'Jelly Bean,' more than six months after its release. In contrast, 40% of Android users are still running the 'Gingerbread' release – versions 2.3.3 through 2.3.7, a two year-old version of the operating system that has known security vulnerabilities."

Not Owning Your Hardware...

I think this shows one of the greatest flaws in the not owning your hardware debate. What happens when you the company that owns it simply gives up on support??? You're left holding the bag but can't change it's content.

Re:But We Are Open - We are Google - We are Good

[ddtmm]

I think you missed the point. Google has published the patches but the carriers have not distributed them.

Re:But We Are Open - We are Google - We are Good

[Dancindan84]

'A significant number of consumers are using smartphones running a version of the Android operating system with known, exploitable security vulnerabilities for which fixes have been published by Google, but have not been distributed to consumers'

Highlighted the important part from TFS. Google's released patches. Carriers are refusing to give them to their customers. There's nothing Google can do about that. Hence why the ACLU is lobbying the FTC to force the carriers into action.

Re:No law is needed

[najay]

I own a Motorola Atrix 4G. It is an excellent smartphone platform. It has been abandoned
by Motorola even though the phone can easily run ICS and Jellybean. We Atrix 4G users
may never see an official update, on a phone they originally PROMISED to update.

Sad thing is Motorola Mobility is now owned by Google. Go Figure.

Re:android lol

[sessamoid]

Very true. My old communications device was the most secure and I've yet to find something that rivals it. It was impossible to spoof, clone, or manipulate and all my data was secure. Sure it was hard to make long-distance calls, because finding large spools of string is difficult, but the fidelity of those tin cans was soooo pure. Plus, they never got any malware, not even once.

Unfortunately, you're very vulnerable to a can-in-the-middle attack.