ACLU asks feds to probe wireless carriers over Android security updates

Aurich Lawson / Thinkstock

Civil liberties advocates have asked the US Federal Trade Commission to take action against the nation's four major wireless carriers for selling millions of Android smartphones that never, or only rarely, receive updates to patch dangerous security vulnerabilities.

The request for investigation and complaint for injunctive relief was filed Tuesday by the American Civil Liberties Union against AT&T, Verizon Wireless, Sprint Nextel, and T-Mobile USA. The majority of phones that the carriers sell run Google's Android operating system and rarely receive software updates, the 16-page document stated. It went on to allege that the practice violates provisions of the Federal Trade Commission Act barring deceptive and unfair business practices, since the carriers don't disclose that the failure to provide updates in a timely manner puts customers at greater risk of hacking attacks. Among other things, the filing seeks an order allowing customers to terminate contracts that cover a phone that's no longer eligible to receive updates.

"All four of the major wireless carriers consistently fail to provide consumers with available security updates to repair known security vulnerabilities in the software operating on mobile devices," Christopher Soghoian, principal technologist and senior policy analyst for the ACLU, wrote in the document. "The wireless carriers have failed to warn consumers that the smartphones sold to them are defective and that they are running vulnerable operating system and browser software. The delivery of software updates to consumers is not just an industry best practice, but is in fact a basic requirement for companies selling computing devices that they know will be used to store sensitive information, such as intimate photographs, e-mail, instant messages, and online banking credentials."

Read 14 remaining paragraphs | Comments