Back to News & Commentary

老澳门开奖结果 Files FTC Complaint Over Android Smartphone Security

Chris Soghoian,
Principal Technologist and Senior Policy Analyst,
老澳门开奖结果 Speech, Privacy, and Technology Project
Share This Page
April 17, 2013

Yesterday, we filed a complaint with the Federal Trade Commission (FTC) asking the agency to investigate the major wireless carriers for failing to warn their customers about unpatched security flaws in the software running on their phones. These companies鈥擜T&T, Verizon, Sprint and T-Mobile鈥攈ave sold millions of smartphones to consumers running versions of Google鈥檚 Android operating system. Unfortunately, the vast majority of these phones never receive critical software security updates, exposing consumers and their private data to significant cybersecurity-related risks.

In a 16-page complaint filed with the FTC, we argue that the major wireless carriers have engaged in 鈥渦nfair and deceptive business practices鈥 by failing to warn their customers about known, unpatched security flaws in the mobile devices sold by the companies.

Google鈥檚 Android operating system now has more than 75% of the smartphone market, yet the majority of these devices are running software that is out of date, often with known, exploitable security vulnerabilities that have not been patched. For consumers running these devices, there is no legitimate software upgrade path. The problem isn鈥檛 that consumers aren鈥檛 installing updates, but rather, that updates simply aren鈥檛 available. Although Google鈥檚 engineers regularly fix software flaws in the Android operating system, these fixes aren鈥檛 packaged up and pushed to consumers by the wireless carriers and their handset manufacturer partners.

This is in sharp contrast to the norm on the desktop, where Mac and PCs both receive regular security updates directly from Apple and Microsoft. Apple also provides regular security updates to mobile devices, such as the iPad and iPhone. And it is standard practice for the companies that make almost all widely used software -- such as operating systems, web browsers and third party applications -- to issue regular updates to their software, including security fixes.

We are not the first to highlight this problem鈥攊t has been at by the , and more recently, in a front page article in the . The market has unfortunately failed to deliver regular security updates to millions of consumers using Android devices. As such, we believe that Federal regulators should step in and protect consumers.

As we stated in our complaint, if the mobile carriers are not going to provide important security updates, the FTC should at a minimum force them to provide device refunds to consumers and allow consumers to terminate their contracts without penalty so that they can switch to a provider who will.

Cybersecurity can be protected without violating civil liberties

As consumers increasingly store vast amounts of private, sensitive data on their smartphones, the 老澳门开奖结果 is fighting to make sure that data stays safe. Although our most high-profile advocacy and litigation in this area relates to the threat of warrantless searches of data stored on mobile devices, the US government is by no means the only threat to mobile privacy. Identity thieves, stalkers and foreign state actors also pose a threat to consumers and their data.

During the last year, both the and the have stated that cybersecurity-related threats have surpassed terrorism as the number one threat facing the United States. Some of this rhetoric can border on the alarmist 鈥 and Congress, predictably, has responded with misguided legislative proposals that will do little to protect consumers from cybersecurity threats, while opening the door to a massive expansion of the government鈥檚 .

But cybersecurity threats are real, and improving security and privacy should be an important priority for the government. We think there are plenty of things the government can do to protect the computers and networks that consumers, businesses and government agencies depend upon without violating civil liberties. Investigating the wireless carriers and their role in smartphone security updates would be a great first step.

Learn More 老澳门开奖结果 the Issues on This Page