Print 75 comment(s) - last by Xplorer4x4.. on Apr 29 at 2:27 PM

ACLU blames carriers is demanding a full investigation of the issue

The American Civil Liberties Union (ACLU) took the unusual step of injecting itself into the smartphone discussion, asking the U.S. Federal Trade Commission (FTC) to investigate America's top carriers over claims of Android abuse.

According to the ACLU, Google Inc. (GOOG) regularly puts out patches and upgrades to its Android operating system -- the world's most used smartphone operating system.    But in its 17-page report, it accuses America's top wireless carriers of recklessly endangering consumers by not rolling out updates fast enough.

The report calls out both of America's top two carriers, AT&T, Inc. (T) and Verizon Wireless -- jointly owned by Verizon Communications Inc. (VZ) and Vodafone Group Plc. (LON:VOD).  But it also accuses Sprint Nextel Corp. (S) and Deutsche Telekom AG's (ETR:DTE) T-Mobile USA of contributing to the problem, as well.

The ACLU wants the FTC to force carriers either to offer customers refunds or to force them to provide warnings that they are inadequately protecting customers.  The advocacy admits that it is unusual for it to look to protect consumers (which is typically the job of other more specialized advocacies), but it said in this case that the security risks from the carrier negligence could be used to justify Orwellian new federal laws -- like the controversial CISPA bill that recently passed the House.

ACLU lawyer Chris Soghoian, who authored and submitted the complaint last Tuesday, comments, "This is part of our attempt to reframe the cybersecurity agenda,.  Before violating anyone's privacy, the government should first be addressing the low-hanging fruit that everyone can agree on."

Android smartphones
The ACLU is targeting America's top carriers for sluggish Android updates.
[Image Source: Android and Me]

While the report may echo the frustrations of many Android users, it was met with scorn and derision by figures in the telecom industry.  Verizon responded that it releases patches and updates "as quickly as possible", but that it must commit "rigorous testing" before any release.  Carriers argue that the nature of Android -- which allows both OEMs and carriers to modify or disable certain functionality (e.g. tethering) -- makes testing a slower and more arduous process.  

They argue that rushed updates could "break" smartphones causing them to gobble data unnecessarily, be unable to run apps, or be unable to make calls.  Indeed this has happened on occasion in the past.

But not everyone is buying that excuse.  Carnegie Mellon Univ. Computer Science Professor Travis Breaux comments, "There are standard practices for testing and evaluating patches.  Microsoft does this all the time."

Sources: ACLU [complaint], AP

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: annoyance
By TakinYourPoints on 4/22/2013 8:28:31 PM , Rating: 2
Interesting how those vulnerabilities have resulted in nothing. Meanwhile, here's this week's story on Android malware:

This is also fun: Google gives your email address, full name, and address to every developer you purchase an app from on Google Play. Microsoft and Apple do not do this.

RE: annoyance
By momorere on 4/22/2013 9:07:31 PM , Rating: 1
Typical retarded, un-informed crApple user that doesn't know the difference between malware and OS vulnerabilities. I'll break it down to where even Mac users can understand.

Malware requires user interaction (ie: clicking attachments or bad links) or vulnerabilities in 3rd party software(ie: adobe and java).

OS vulnerabilities is holes in the OPERATING SYSTEM that only the creators of said OS can fix and requires NO user interaction.

We all know that crApple won't fix any vulnerabilities until they are heavily covered in the media. Until then, it is passed off as a "feature" as per their usual tactics.

RE: annoyance
By TakinYourPoints on 4/22/2013 11:25:42 PM , Rating: 2
And you totally miss the point.

We know that Android doesn't push out security fixes for OS vulnerabilities on a timely basis because that is in the hands of third parties. On top of that they can't even keep on top of malware coming from their own channels, let alone all of the other malware out there that isn't hosted on Play. Either way, the number of compromised iOS devices doesn't even amount to more than a rounding error, it is nothing compared to the percentage of compromised Android devices, both through OS vulnerabilities and malware.

That simple enough to understand?

RE: annoyance
By momorere on 4/23/2013 12:06:29 AM , Rating: 2
Of course a chart/statistic that shows crApple in bad light isn't accurate or sufficient enough for you UNLESS it is in a positive manner. 81% is a HUGE lead in OS vulnerabilities if you ask any level-headed tech user or non-crApple fanatic. I don't know who is worse, you or Tony.

RE: annoyance
By TakinYourPoints on 4/23/2013 2:23:27 AM , Rating: 2
Show me when that number of iOS devices have as much malware or are compromised in the numbers that has happened on Android, then we'll talk.

The number of compromised iOS devices amounts to less than a rounding error, almost all of which have been jailbroken and run sideloaded apps.

Meanwhile in the real world:

"While it's well-known in the security community that slow patching of vulnerabilities on mobile devices is a serious issue, we wanted to bring greater visibility to the problem,"

Obviously security patches are a good thing, and with Android that is an issue outside of the already massive amount of malware on the platform.

Better yet:

How can that be? How does the more secure operating system end up being the target of the lion’s share of attacks and malware? Symantec merely notes that most mobile attacks don’t rely on operating system vulnerabilities, therefore there’s no necessary correlation between attacks and exploitable security vulnerabilities.

The problem for the company is that the company made a (bad) decision years ago to cede control over Android to its business partners: the carriers and handset makers that sell mobile phones. That was all in the interest of fostering growth.


That has meant putting security in the hands of those same business partners, even though they don’t bear any of the costs or reputation damage from hacked or compromised devices. You don’t, after all, read headlines saying that “malware spreading on Verizon phones,” or “malicious apps targets AT&T phones.” You hear about attacks on Android. The carrier and handset maker, except in rare cases, don’t warrant mention.

Those partners have turned a blind eye to the kind of basic “policing” that needs to be done to keep the mobile ecosystem safe. While Google reliably pushes out operating system updates, handset makers and carriers drag their feet distributing those updates to vulnerable customers – worried, perhaps, about service disruptions or other support issues that might result. The latest data from Google highlights the challenge facing the company, with just over 16% of Android users running Versions 4.1 or 4.2 the latest versions of the OS, dubbed “Jelly Bean” more than six months after its release. In contrast, 44% of Android users are still running the “Gingerbread” release – Versions 2.3.3 through 2.3.7, a two year-old version of the operating system that has known security vulnerabilities. Add to that the proliferation of third party Android application stores, which operate with little or no oversight, and you have a mobile environment with lots of “broken windows.”

This is on top of Google Play giving personal user information to developers without giving control of that to the customer, something neither Microsoft nor Apple do with iOS and WP.

I know you want to frame this as a fanboy argument, but reality is reality. iOS having more security vulnerabilities doesn't matter given that they are patched across all iOS devices, and when malware is kept out of the app store. Meanwhile malware runs rampant on Android while millions of new devices are left unpatched because carriers can't be bothered do deal with it and aren't being held accountable.

"My sex life is pretty good" -- Steve Jobs' random musings during the 2010 D8 conference

Most Popular ArticlesFree Windows 10 offer ends July 29th, 2016: 10 Reasons to Upgrade Immediately
July 22, 2016, 9:19 PM
Top 5 Smart Watches
July 21, 2016, 11:48 PM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki