My Z News

ACLU: Carriers Leaving Android Users Susceptible to Malware

, , , , , , ,

Android

In a world where malware targeting Android phones is used more and more everyday, security updates are fundamental to keep users away from malware and hackers. That’s why the American Civil Liberties Union has filed a complaint on Tuesday, accusing mobile carriers of failing to distribute updates and fixes to their Android phones.

In its 16-page complaint filed with the Federal Trade Commission, the civil rights group pointed its finger at AT&T, Verizon, Sprint and T-Mobile, accusing the companies of leaving users vulnerable by providing them with phones running unpatched and outdated versions of the Android operating system, which “rarely receive software security updates.”

“The problem isn’t that consumers aren’t installing updates, but rather, that updates simply aren’t available,” wrote Chris Soghoian, the ACLU principal technologist and senior policy analyst, in a blog post. “Although Google’s engineers regularly fix software flaws in the Android operating system, these fixes aren’t packaged up and pushed to consumers by the wireless carriers and their handset manufacturer partners.”

And that’s because the majority of Android phones on the market don’t run Google‘s native Android version but a carrier’s customized version. The ACLU notes that these are effectively unique operating systems that need their own updates, and only the companies that modified the original Android source code can issue those updates. And most of the time, they either never do that or do it months later.

Moreover, according to the complaint, the carriers don’t even warn the users about these flaws and vulnerabilities. And these failures, according to the ACLU, amount to “deceptive and unfair business practices.”

If the carriers can’t or are unwilling to issue security updates more frequently, the ACLU is asking the FTC to compel carriers to give their users a way to terminate their contracts early — without having to pay the usual termination fee — or allow them to exchange their insecure phones for newer ones, or to give them a full refund.

In February, the FTC ordered HTC America to patch security vulnerabilities in their phones. But in a tweet, Soghoian notes that with this complaint “we don’t ask the FTC to force the carriers to issue updates, merely to tell consumers about flaws.”

For Soghoian, putting pressure on the carriers to improve their security practices should be part of the government’s commitment to improve the country’s cybersecurity. “Cybersecurity threats are real, and improving security and privacy should be an important priority for the government,” he wrote. “We think there are plenty of things the government can do to protect the computers and networks that consumers, businesses and government agencies depend upon without violating civil liberties. Investigating the wireless carriers and their role in smartphone security updates would be a great first step.”

ACLU – Android Ftc Complaint

Image courtesy of Flickr, Family O’Abé

Read more: http://mashable.com/2013/04/18/aclu-ftc-android-security/

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.