Wireless Carriers May Face FTC Investigation for Lagging Android Security Updates

Wireless carriers may face FTC investigations because of lagging Android security updates, as the American Civil Liberties Union (ACLU) has filed a complaint stating that user are exposed to malware threats that endanger their privacy.

Arguing that even off-the-shelf smartphones lack the latest security updates and that older models sometimes never receive the latest Android security updates, the ACLU believes sensitive user information, such as photos, emails, and instant messaging conversations, may be exposed via security loopholes that invite malware.

AT&T, Verizon Wireless, Sprint Nextel, and T-Mobile USA were named in the 16-page document that hit the FTC, along with claims that deceptive and unlawful business practices were conducted by all four carriers.

“All four of the major wireless carriers consistently fail to provide consumers with available security updates to repair known security vulnerabilities in the software operating on mobile devices,” wrote Christopher Soghoian, senior policy analyst for the ACLU, in the document. “The wireless carriers have failed to warn consumers that the smartphones sold to them are defective and that they are running vulnerable operating system and browser software. The delivery of software updates to consumers is not just an industry best practice, but is in fact a basic requirement for companies selling computing devices that they know will be used to store sensitive information, such as intimate photographs, e-mail, instant messages, and online banking credentials.”

Spokespersons from both Verizon and Sprint commented that all security updates are thoroughly tested before pushed to customer devices, as to ensure that no crashes or system errors occur. Arguing that industry best practices have always been applied when considering the distribution of security updates, both carriers emphasized that top priority is given to each update.

“We are known for our rigorous testing protocols which lead the wireless industry, and we thoroughly test every update before delivering it to customers,” according to a Verizon statement. “We work closely with our OEM partners and provide mandatory updates to devices as quickly as possible, giving attention and priority to ensuring a good and secure customer experience.”

If the FTC decides to launch investigations on all four carriers, first reports will reach the media within months.