Fail to provide good Android security
The America Civil Liberties Union filed a complaint with the Federal Trade Commission today asking the agency to investigate the four major mobile carriers’ security practices in regards to smartphones.
The civil liberties group claims that AT&T, Verizon, T-Mobile, and Sprint are not doing enough to protect users’ private and personal data — specifically on Android devices. The gist of the complaint (PDF) is that these carriers aren’t providing users with timely security updates, which the ACLU says is akin to “deceptive and unfair business practice.”
“The major wireless carriers have sold millions of Android smartphones to consumers,” the ACLU wrote in its complaint. “The vast majority of these devices rarely receive software security updates.”
The ACLU claims that while Google has published updates to fix exploitable security vulnerabilities, these fixes have not been sent out to consumers.
“Android smartphones that do not receive regular, prompt security updates are defective and unreasonably dangerous,” the ACLU wrote. “As the FTC has acknowledged, security vulnerabilities on consumers’ mobile devices may be used ‘to record and transmit information entered into or stored on the device … to target spear-phishing campaigns, physically track or stalk individuals, and perpetrate fraud, resulting in costly bills to the consumer… [and to misuse] sensitive device functionality such as the device’s audio recording feature… to capture private details of an individual’s life.'”
Android devices are notorious for attracting malware and some of it is quite sophisticated. Some types of malware can embed themselves on smartphones and steal information from users, while others act as spyware and take over components of the device. Last October, the FBI warned users to be aware of such mobile malware because it is especially lured to Android’s operating system.
Mindful of these dangers, Google has been working to beef up its OS security over the past several iterations of Android. With Jelly Bean’s design, Google has aimed to defend against hacks that install viruses, along with other malware.
While the ACLU is alleging that the mobile carriers disregard user security, several of the carriers have worked to make Android devices on their networks safer. In September, Verizon debuted a security app to battle malware on Android devices; and in October, T-Mobile partnered with a mobile security company to preload free malware- and virus-protection software on select Android devices.
When contacted by CNET, Sprint Spokesman John Taylor said, “Sprint follows industry-standard best practices designed to protect its customers.”
It’s unclear if the ACLU’s complaint will gain any traction with the feds. It most likely will not result in any legal action since the FTC does not have the processes to file lawsuits. But, it’s possible that the mobile carriers could change their updating practices.
CNET contacted AT&T, Verizon, T-Mobile, and the CTIA Wireless Association for comment. We’ll update the story when we get more information.