
ACLU blames carriers and is demanding a full investigation of the issue

The American Civil Liberties Union (ACLU) took the unusual step of injecting itself into the smartphone discussion, asking the U.S. Federal Trade Commission (FTC) to investigate America's top carriers over claims of Android abuse.

According to the ACLU, Google Inc. (GOOG) regularly puts out patches and upgrades to its Android operating system -- the world's most used smartphone operating system. But in its 17-page report, it accuses America's top wireless carriers of recklessly endangering consumers by not rolling out updates fast enough.

The report calls out both of America's top two carriers, AT&T, Inc. (T) and Verizon Wireless -- jointly owned by Verizon Communications Inc. (VZ) and Vodafone Group Plc. (LON:VOD).  But it also accuses Sprint Nextel Corp. (S) and Deutsche Telekom AG's (ETR:DTE) T-Mobile USA of contributing to the problem, as well.

The ACLU wants the FTC to force carriers either to offer customers refunds or to provide warnings that they are inadequately protecting customers. The advocacy group admits that it is unusual for it to look to protect consumers (which is typically the job of other, more specialized advocacy groups), but it said that in this case the security risks from the carrier negligence could be used to justify Orwellian new federal laws -- like the controversial CISPA bill that recently passed the House.

ACLU lawyer Chris Soghoian, who authored and submitted the complaint last Tuesday, comments, "This is part of our attempt to reframe the cybersecurity agenda. Before violating anyone's privacy, the government should first be addressing the low-hanging fruit that everyone can agree on."


While the report may echo the frustrations of many Android users, it was met with scorn and derision by figures in the telecom industry. Verizon responded that it releases patches and updates "as quickly as possible", but that it must perform "rigorous testing" before any release. Carriers argue that the nature of Android -- which allows both OEMs and carriers to modify or disable certain functionality (e.g. tethering) -- makes testing a slower and more arduous process.

They argue that rushed updates could "break" smartphones, causing them to gobble data unnecessarily, be unable to run apps, or be unable to make calls. Indeed, this has happened on occasion in the past.

But not everyone is buying that excuse.  Carnegie Mellon Univ. Computer Science Professor Travis Breaux comments, "There are standard practices for testing and evaluating patches.  Microsoft does this all the time."

Sources: ACLU [complaint], AP


RE: annoyance
By TakinYourPoints on 4/23/2013 2:23:27 AM, Rating: 2
Show me when that number of iOS devices have as much malware or are compromised in the numbers that has happened on Android, then we'll talk.

The number of compromised iOS devices amounts to less than a rounding error, almost all of which have been jailbroken and run sideloaded apps.

Meanwhile in the real world:

"While it's well-known in the security community that slow patching of vulnerabilities on mobile devices is a serious issue, we wanted to bring greater visibility to the problem,"

Obviously security patches are a good thing, and with Android that is an issue outside of the already massive amount of malware on the platform.

Better yet:

How can that be? How does the more secure operating system end up being the target of the lion’s share of attacks and malware? Symantec merely notes that most mobile attacks don’t rely on operating system vulnerabilities, therefore there’s no necessary correlation between attacks and exploitable security vulnerabilities.

The problem for the company is that the company made a (bad) decision years ago to cede control over Android to its business partners: the carriers and handset makers that sell mobile phones. That was all in the interest of fostering growth.


That has meant putting security in the hands of those same business partners, even though they don’t bear any of the costs or reputation damage from hacked or compromised devices. You don’t, after all, read headlines saying that “malware spreading on Verizon phones,” or “malicious apps targets AT&T phones.” You hear about attacks on Android. The carrier and handset maker, except in rare cases, don’t warrant mention.

Those partners have turned a blind eye to the kind of basic “policing” that needs to be done to keep the mobile ecosystem safe. While Google reliably pushes out operating system updates, handset makers and carriers drag their feet distributing those updates to vulnerable customers – worried, perhaps, about service disruptions or other support issues that might result. The latest data from Google highlights the challenge facing the company, with just over 16% of Android users running Versions 4.1 or 4.2 the latest versions of the OS, dubbed “Jelly Bean” more than six months after its release. In contrast, 44% of Android users are still running the “Gingerbread” release – Versions 2.3.3 through 2.3.7, a two year-old version of the operating system that has known security vulnerabilities. Add to that the proliferation of third party Android application stores, which operate with little or no oversight, and you have a mobile environment with lots of “broken windows.”

This is on top of Google Play giving personal user information to developers without giving control of that to the customer, something neither Microsoft nor Apple do with iOS and WP.

I know you want to frame this as a fanboy argument, but reality is reality. iOS having more security vulnerabilities doesn't matter given that they are patched across all iOS devices, and when malware is kept out of the app store. Meanwhile malware runs rampant on Android while millions of new devices are left unpatched because carriers can't be bothered to deal with it and aren't being held accountable.