Apple, Google, AT&T, Verizon Face FTC And FCC Scrutiny Over Slow Mobile Security Updates

by Brandon Hill — Monday, May 09, 2016, 05:34 PM EDT

When it comes to the often slow pace of security updates being pushed to the mobile devices that are at center of our daily digital lives, both the Federal Communications Commission (FCC) and the Federal Trade Commission (FTC) are looking for some answers. The FCC is taking U.S. wireless carriers (like AT&T, Verizon Wireless, and T-Mobile) to task while the FTC has hit up top hardware manufacturers including Apple, Google, Samsung, Microsoft, and HTC.

At a time when U.S. intelligence agencies like the FBI and NSA are looking for ways to use vulnerabilities to their advantage to solve crimes and in some cases potentially abuse power, the FCC instead wants to ensure that wireless carriers are providing security updates in a timely fashion to protect customers.

The FCC makes references to exploits like Stagefright, which left millions of Android devices vulnerable around the world, before adding:

Consumers may be left unprotected, for long periods of time or even indefinitely, by any delays in patching vulnerabilities once they are discovered. To date, operating system providers, original equipment manufacturers, and mobile service providers have responded to address vulnerabilities as they arise. There are, however, significant delays in delivering patches to actual devices—and that older devices may never be patched.

In a letter sent separately to device makers, the FTC is asking for information on the following:

the factors that they consider in deciding whether to patch a vulnerability on a particular mobile device
detailed data on the specific mobile devices they have offered for sale to consumers since August 2013
the vulnerabilities that have affected those devices
whether and when the company patched such vulnerabilities

In the end, the FTC and the FCC want more transparency in how significant exploits are identified and to ensure that devices don’t get left behind when it comes to security updates. Some device makers would rather sell you a new smartphone than to provide you with updates to a device that may be a little less than two years old.

Both agencies essentially want “No Consumer Left Behind” when it comes to security updates, but that may be easier said than done given the often disjointed relationship between device makers and wireless carriers, especially on the Android side of things.

Tags: Apple, FCC, Verizon, FTC, at&t, goo

Brandon Hill

Brandon received his first PC, an IBM Aptiva 310, in 1994 and hasn’t looked back since. He cut his teeth on computer building/repair working at a mom and pop computer shop as a plucky teen in the mid 90s and went on to join AnandTech as the Senior News Editor in 1999. Brandon would later help to form DailyTech where he served as Editor-in-Chief from 2008 until 2014. Brandon is a tech geek at heart, and family members always know where to turn when they need free tech support. When he isn’t writing about the tech hardware or studying up on the latest in mobile gadgets, you’ll find him browsing forums that cater to his long-running passion: automobiles.

Opinions and content posted by HotHardware contributors are their own.