No subject
Tue Nov 13 08:16:38 EST 2012
"--ACLU Files Complaint With FTC Over Android Security Updates
(April 17, 2013)
The American Civil Liberties Union (ACLU) has filed a complaint with the
US Federal Trade Commission (FTC) asking that the agency investigate
major wireless phone service carriers for failing to deliver updates for
known security issues in the Android operating system. The complaint
alleges unfair and deceptive business practices for failing to
distribute the patches and failing to inform customers that their
devices are vulnerable to attacks. While Google has issued updates for
the flaws, the carriers have not pushed them out in a timely manner.
Apple issues its own updates for its phones, but individual carriers
bear the responsibility of pushing out Android fixes.
http://www.wired.com/threatlevel/2013/04/aclu-android-security-issue/
http://www.h-online.com/security/news/item/ACLU-calls-for-FTC-investigation-into-carrier-Android-1844175.html
http://arstechnica.com/security/2013/04/wireless-carriers-deceptive-and-unfair/
http://www.washingtonpost.com/business/technology/2013/04/16/1d7364fc-a6c9-11e2-a8e2-5b98cb59187f_story.html
Text of Complaint:
http://www.aclu.org/files/assets/aclu_-_android_ftc_complaint_-_final.pdf
[Editor's Note (Pescatore): I think "Politics makes for strange
bedfellows" comes from Shakespeare, but it sure applies here: the ACLU
filing complaints about security issues? But I like their angle: if the
carriers don't push out security patches to the phones, they are not
honoring their side of the contracts they lock people into and thus the
contracts should be invalidated. Nice incentive for the carriers to more
regularly update Android phones. But this also points out the security
advantages of the Apple and Blackberry model, where the hardware and
software come from one vendor who does push out updates regularly, vs.
the Android (and Windows PC) model where the user is on their own.
(Northcutt): Kudos to our story collector, Kathy Bradford! This is a
big story and everyone dealing with BYOD and MDM (Bring your own device
and mobile device management) has skin in the game.
(Shpantzer): Google could learn from Apple's closed ecosystem and
enforce discipline in the Android Telco/OEM ranks. Fragmentation is
theoretically good for security against mass malware (not a monoculture,
hard to test on infinite number of hw/sw permutations), but old and
terminally vulnerable versions of Android persist for months or even
years, whereas new Apple iOS versions have 90% penetration in a matter
of days or weeks.]"
More information about the Ale mailing list