Phone Manufacturers, Carriers Under Security Probe

John Lister's picture

Two government agencies are investigating the way smartphone manufacturers and wireless carriers issue security updates for devices. They say they are particularly worried about older devices being left unpatched.

It's a rare joint probe by both the Federal Communications Commission (FCC) and the Federal Trade Commission (FTC). While the FCC usually handles issues relating to the Internet and smartphones, the FTC usually only gets involved in cases of misleading advertising or unfair contracts. That may suggest officials are exploring whether companies have overstated the security their customers enjoy.

The agencies have written to six leading wireless carriers (AT&T, T-Mobile, Tracfone, Sprint, US Cellular and Verizon), six device manufacturers (Apple, BlackBerry, HTC, LG, Motorola and Samsung) and the giants behind two mobile operating systems (Microsoft and Google).

Delays In Firing Line

According to the FCC, its main line of enquiry is that sometimes there are "significant delays in delivering patches to actual devices - and that older devices may never be patched." (Source: techcrunch.com)

While all the major players are under investigation, Google may be the most complex case. Apple and Microsoft both largely control what updates are issued and when. With Google's Android system, the company itself issues updates to Nexus handsets and tablets.

However, for devices from other manufacturers, the same updates are usually issued by the manufacturer or the wireless carrier. That can mean significant differences in the time it takes to patch different makes and models, with some older devices not patched for months, if at all.

Manufacturers Must Detail All Recent Flaws

The FTC letter asks the manufacturers involved to detail all the devices they have sold in the United States since August 2013. It also asks for a list of any security flaws affecting those devices, and whether and when they were patched.

Meanwhile the FCC has asked wireless carriers to detail their "processes for reviewing and releasing security updates for mobile devices." (Source: fcc.gov)

What's Your Opinion?

Do you think manufacturers and carriers do a good enough job of issuing security updates in a timely fashion? Do you pay any attention to the update status of your devices or do you take a 'set it and forget it' approach? Is this a matter for government involvement?


Comments

Dennis Faas's picture

I personally own an Android phone that is made by Blu and I have only ever received 2 Android updates that I am aware of; the rest of the updates are for apps. I do not think my phone is upgradable to Android Lollipop (at least there does not seem to be a system update for it) - I think the only way to get to that path is to root the phone and then install a non-supported update like CyanogenMod.

rwells78's picture

Do you think manufacturers and carriers do a good enough job of issuing security updates in a timely fashion? Heck NO!

As our phones are a small form factor computer, and all other computer OS's get monthly security patches, so should our phones.

This would be a way for Google to get out of the current agreements with the carriers that allow carriers to fill our phones with bloatware and delay or prevent upgrades to the OS.

matt_2058's picture

I can't see where the carriers issue adequate updates. If you think about it, computer updates are rolled out weekly or monthly. I think I got one update from Sprint in a year.

This is the very reason I don't use my phone for critical tasks. I don't do banking or credit card stuff on my phone. I don't access store accounts or order stuff from the phone. There's too much info that apps specifically gather, like accounts. I do have a separate email address for the phone. That way what gets to the phone is specifically for it, like an order pickup notice.

Many times an app update adds more permission needs than the initial install. I never update apps...I reinstall them if I want a current version. Then again, there are no critical apps on my phone except the security camera surveillance app. Next most 'critical' is Shortyz crossword for killing time while waiting for whatever.

How could the government possibly help this...they don't have requirements or standards for other computer software or hardware? Even with banking and medical, the requirement is to have controls in place, not updates or upgrades.

Time's picture

Friday night I plugged my Galaxy S4 (that I have only had for a little over a year, bought new from Verizon) in to charge. When it seemed to be taking too long I took it off the charger and it turned itself on. I turned it back off and it turned itself on, like it was possessed. I finally had to remove the battery so it would stay off. Saturday I took it to Verizon to see if they could tell me what was wrong. Long story short, they told me the phone was rooted (something I don't know how to do) and there was nothing they could do to fix it because they told me, sometimes when phones get updates that are meant for newer phones it screws up the phone. So they said I would have to buy a new phone. They had me wipe the old one and now I'm wondering if that was just a bunch of crap to get me to take a new phone and change my inexpensive plan to an expensive one? If you return the phone to factory settings, does that fix the phone?

Dennis Faas's picture

If you had a rooted phone and if you return it to factory spec, that should un-root the phone - that is, unless the factory image has been tampered with. If they are trying to sell you a new plan / new phone then I think they are either trying to take advantage of you, or they just don't know what they are talking about. PS: There are free phone apps you can download that tell you whether or not your phone is rooted.

Time's picture

Wish I had this answer last week. It's too late since they told me I needed a new phone.

matt_2058's picture

Time,
Check with your carrier. Sprint has a 30-day return on phone. It's worth trying if you didn't trade your old one in.

Maybe it was an app doing the restarting.