[ale] ACLU Files Complaint With FTC Over Android Security Updates

Jim Kinney jim.kinney at gmail.com
Mon Apr 22 10:16:37 EDT 2013


Verizon has NO published docs on their software support or upgrade terms.
Their model is, "buy our phone now and we'll take your money again in 2 years
for a new phone". During the first 2 years on my original Droid, it got
exactly one (1) upgrade. It got exactly nothing (0) in the next 2 years.
Yes. 4 years and only a single patch cycle.

At the very least they should be required to provide full security and bug
patch support for the life of the purchasing contract. I have to pay them
and they have to provide _SERVICE_.


On Mon, Apr 22, 2013 at 10:01 AM, Jay Lozier <jslozier at gmail.com> wrote:

>  On 04/22/2013 07:54 AM, Neal Rhodes wrote:
>
> I have been on both ends of the spectrum - HTC phones which I have left
> completely alone, and let the carrier handle it, and a Viewsonic GTab,
> which pretty much required immediate replacement of the OS for any useful
> functionality.
>
> I've also rebuilt three engines in my lifetime.  And I took my Asko
> dishwasher apart before I gave up and replaced it.   Just because I CAN,
> doesn't mean it's worth my time to do it.   I consider certain things
> appliances which should "just work".
>
> The contrast between the HTC phones, on which everything "just works", and
> the Viewsonic Gtab, which I've pretty much given up on, and bought a
> Samsung Galaxy 2 is rather stark.    Maybe the developer community for the
> Viewsonic isn't as robust.   Or maybe since they're not getting paid they
> don't care if the microphone doesn't work, or if the Wifi drops in and
> out.    But on the Galaxy everything just works again.   There really is a
> tangible value to a manufacturer actually testing stuff with their
> hardware.
>
> I will state a general opinion, which is that a carrier should be
> obligated to continue providing security updates to phones for X years
> after they sell them.  I think a reasonable value for X is between 2 and 4,
> because the darn battery will crap out after 2 years.    We are now
> reaching that spot where the processing power in Android phones is equal to
> the needs of 99% of the users, so there is no reason not to keep these
> things for 5-6 years.
>
> Neal Rhodes
>
>
>
>
> On Mon, 2013-04-22 at 01:02 -0400, Jay Lozier wrote:
>
> On 04/21/2013 09:29 PM, James Taylor wrote:
> > I have had a half dozen android phones so far, and not a single one has run the carrier software for longer than it has taken me to root it and load a developer rom.
> > In my household, I currently have an HTC One S, two Galaxy Vibrants and an LG Optimus, all running the latest Jelly Bean builds for the roms they have loaded.
> > By the way, I've never had a problem with a warranty return. I either load the original build or send it as is if dead. Not a peep from the vendor.
> > I can understand most consumers not wanting to deal with this, but most consumers don't want to mess with technology in general.  They just want to use what's handed to them.
> > Anyone on this list should be able to root a phone and load a rom, maybe with a little help.
> > Why complain about your provider not updating your phone when you have access to do it yourself?
> > -jt
> IMHO the problem is that most people (not people on the list) are afraid
> of "ruining" their phone if they root the OS, etc. I remember an
> observation about most users not switching to Linux - it is they are
> afraid to install any OS on any device (Windows, iOS, Android, etc) and
> stay with the originally installed OS as updated by the vendor. The
> issue is then will the vendor take responsibility to protect their
> mostly technically illiterate customers. That appears to be what the
> ACLU is complaining about; an implied breach of contract. Whether this
> has merit probably depends on the contract terms.
>
> It is not that installing an OS is particularly hard if you take your time.
> It can be very tedious depending on what you must do to actually install
> it (try Windows 7 upgrade from Windows XP).
> >
> >>>> Neal Rhodes <neal at mnopltd.com> 4/21/2013   08:23 PM >>>
> > Yes. The ACLU taking this up seems odd.
> >
> > However, I've seen a graph somewhere showing that essentially all
> > iPhones ever made can be updated to the current versions of iOS.
> >
> > But Android phones are a totally different story.   Once the carrier
> > stops selling them, they get abandoned and rarely get security
> > upgrades.
> >
> > I'm not an Apple fan, but the difference was quite striking.
> >
> > Neal Rhodes
> >
>
>  The parallel to providing support is on computers, Apple, Micro$oft, and
> Linux distros have published support cycles for their OS releases. I should
> know before buying/installing what the support period is; it's not hidden.
> Also, an update path from one release to another is stated even if it is a
> PITA (Windows XP direct to Windows 7 sucks).
>
> What I do not know is if the carriers have stated a support cycle for the
> OS versions and update paths to newer OS versions - I do not have an
> Android.
>
> Jay
>
>  >
> > On Sat, 2013-04-20 at 22:41 -0400, James Taylor wrote:
> >
> >> This seems relevant, considering recent conversations...
> >> -jt
> >>
> >>  From the latest Security Alerts Network Newsbites newsletter.
> >>
> >> "--ACLU Files Complaint With FTC Over Android Security Updates
> >> (April 17, 2013)
> >> The American Civil Liberties Union (ACLU) has filed a complaint with the
> >> US Federal Trade Commission (FTC) asking that the agency investigate
> >> major wireless phone service carriers for failing to deliver updates for
> >> known security issues in the Android operating system. The complaint
> >> alleges unfair and deceptive business practices for failing to
> >> distribute the patches and failing to inform customers that their
> >> devices are vulnerable to attacks. While Google has issued updates for
> >> the flaws, the carriers have not pushed them out in a timely manner.
> >> Apple issues its own updates for its phones, but individual carriers
> >> bear the responsibility of pushing out Android fixes.
> >> http://www.wired.com/threatlevel/2013/04/aclu-android-security-issue/
> >> http://www.h-online.com/security/news/item/ACLU-calls-for-FTC-investigation-into-carrier-Android-1844175.html
> >> http://arstechnica.com/security/2013/04/wireless-carriers-deceptive-and-unfair/
> >> http://www.washingtonpost.com/business/technology/2013/04/16/1d7364fc-a6c9-11e2-a8e2-5b98cb59187f_story.html
> >> Text of Complaint:
> >> http://www.aclu.org/files/assets/aclu_-_android_ftc_complaint_-_final.pdf
> >> [Editor's Note (Pescatore): I think "Politics makes for strange
> >> bedfellows" comes from Shakespeare, but it sure applies here: the ACLU
> >> filing complaints about security issues? But I like their angle: if the
> >> carriers don't push out security patches to the phones, they are not
> >> honoring their side of the contracts they lock people into and thus the
> >> contracts should be invalidated. Nice incentive for the carriers to more
> >> regularly update Android phones. But this also points out the security
> >> advantages of the Apple and Blackberry model, where the hardware and
> >> software come from one vendor who does push out updates regularly, vs.
> >> the Android (and Windows PC) model where the user is on their own.
> >> (Northcutt):  Kudos to our story collector, Kathy Bradford! This is a
> >> big story and everyone dealing with BYOD and MDM (Bring your own device
> >> and mobile device management) has skin in the game.
> >> (Shpantzer): Google could learn from Apple's closed ecosystem and
> >> enforce discipline in the Android Telco/OEM ranks.  Fragmentation is
> >> theoretically good for security against mass malware (not a monoculture,
> >> hard to test on infinite number of hw/sw permutations), but old and
> >> terminally vulnerable versions of Android persist for months or even
> >> years, whereas new Apple iOS versions have 90% penetration in a matter
> >> of days or weeks.]"
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> Ale mailing list
> >> Ale at ale.org
> >> http://mail.ale.org/mailman/listinfo/ale
> >> See JOBS, ANNOUNCE and SCHOOLS lists at
> >> http://mail.ale.org/mailman/listinfo
> >
> >
> >
> >
>
>
>
>
>
>
>
>
>
> --
> Jay Lozier jslozier at gmail.com
>
>
>
>


-- 
-- 
James P. Kinney III
*
*Every time you stop a school, you will have to build a jail. What you gain
at one end you lose at the other. It's like feeding a dog on his own tail.
It won't fatten the dog.
- Speech 11/23/1900 Mark Twain
*
http://electjimkinney.org
http://heretothereideas.blogspot.com/
*