ACLU Asks FTC To Force Carriers To 'Patch Or Replace' Android Devices 318
chicksdaddy writes "The American Civil Liberties Union filed a complaint with the U.S. Federal Trade Commission on Wednesday calling on the federal government to take action to stem an epidemic of unpatched and insecure Android mobile devices – declaring the sea of unpatched and vulnerable phones and tablets 'defective and unreasonably dangerous.' The civil liberties group's complaint for injunctive relief with the FTC (PDF), notes that 'major wireless carriers have sold millions of Android smartphones to consumers' but that 'the vast majority of these devices rarely receive software security updates.' The ACLU says carriers leave their customers vulnerable to malware and spear phishing attacks that can be used to record or transmit information on the device to' third parties. 'A significant number of consumers are using smartphones running a version of the Android operating system with known, exploitable security vulnerabilities for which fixes have been published by Google, but have not been distributed to consumers' smartphones by the wireless carriers and their handset manufacturer partners,' the ACLU said. Android devices now account for close to 70 percent of new mobile devices sold. The porous security of many of those devices has become a topic of concern. The latest data from Google highlights the challenge facing the company, with just over 25% of Android users running versions 4.1 or 4.2 – the latest versions of the OS, dubbed 'Jelly Bean,' more than six months after its release. In contrast, 40% of Android users are still running the 'Gingerbread' release – versions 2.3.3 through 2.3.7, a two year-old version of the operating system that has known security vulnerabilities."
Re:Not Owning Your Hardware... (Score:1, Insightful)
It all depends on the contract or EULA that you agreed to when purchasing the phone.
On the flip side of this issue is the US Government declaring it a crime to root your own phone (you know, the one you bought and paid for even if it was via ridiculous "subsidized" monthly fees from your US carrier). You're not allowed to upgrade it or you're a criminal, so you're at the mercy of criminals and carriers (who are their own type of criminals).
Bloatware (Score:5, Insightful)
About time! (Score:5, Insightful)
About bloody time that someone does this. It is absolutely indefensible that the carriers have refused to release patches for known security holes for extended periods of time if they release them at all. This blatantly leaves their customers vulnerable and their customers have no way of circumventing this short of rooting their phones.
I read the article before it appeared on Slashdot and many of these phone will literally never receive any patches from the carrier. These phones are effectively being sold as known defective devices and I hope someone initiates a class action lawsuit on the matter as I can't think of any other way to fix this issue. Patch Management really should not be an afterthought and it affects every device, every operating system and unfortunately there are still legions of idiots out there equate Patch Management with Microsoft Windows patch Tuesday.
That it would require a lawsuit in order to patch your phone and secure it against a known vulnerability say much about about the state of American cell phone industry. This country desperately needs to adopt the standards used by the rest of the world and it's a point of shame that we have the industry we do. Most Americans don't know how bad things are here because they never go abroad, and once they do it's like walking into a candy store for the first time with "you can do that?", again and again.
Re:Not surprised ... (Score:5, Insightful)
Why did you buy a carrier phone?
Why not get a device that might actually get updates?
You voted for this system with your purchase, you are part of why it exists.
Re:And in other news ... (Score:5, Insightful)
No, the difference is that no one is blocking anyone from getting the XP updates that Microsoft releases. This isn't about Google no longer supplying updates to old Android versions, it's about carriers blocking users from getting updates.
Re:But We Are Open - We are Google - We are Good (Score:2, Insightful)
In other words, just like the GP said, Google said go fuck yourself after 1.5 years.
Yeah, that's SO much better than the carriers.
Re:Not surprised ... (Score:3, Insightful)
Why did you buy a carrier phone?
Why not get a device that might actually get updates?
A guess would be, because the unsubsidized price is gouged, and hard.
To wit: The other day, I was perusing the Sunday paper circulars when I came across one for Best Buy; on the front page, there was an ad for the Galaxy Tab II 10.1" tablet, and the Galaxy SIII phone; though the specs were almost identical (the SIII has a better processor, the Tab II has a 10 inch screen), the price difference was astronomical; the Tab II was listed for ~$350 and the SIII? Unsubsidized, the cost was $700! Heck, an unlocked SII still retails for around $450, and that's a 2 year old phone.
So, in summation: a 10" tablet with a dual core somehow costs less than half a 4.8" phone with a quad core. If that's not evidence of price fixing, I don't know what is.
You voted for this system with your purchase, you are part of why it exists.
That's why I only buy older, used, unlocked phones. No price gouging, no carriers trying to blast me in the ol' cornshooter, and there's usually plenty of community supported alternative OS'.
Re:android lol (Score:4, Insightful)
That's what you think. You never noticed that I was sitting there with two extra cans and a pair of scissors!
Re:sounds like the market has spoken (Score:5, Insightful)
From TFS:
'A significant number of consumers are using smartphones running a version of the Android operating system with known, exploitable security vulnerabilities for which fixes have been published by Google
They did release patches, the carriers are blocking them, therefore, ACLU is suing to get the carriers to stop being jerks.
Comment removed (Score:5, Insightful)
Re: But We Are Open - We are Google - We are Good (Score:3, Insightful)
Re:Not Owning Your Hardware... (Score:4, Insightful)
I've never had to wait for a carrier to upgrade my iPhone.....
Re:Not Owning Your Hardware... (Score:4, Insightful)
I've never had to wait for a carrier to upgrade my Nexus.....
Oh, wait, did you think that was unique to iPhone?