FTC and FCC asking Smartphone makers why security updates take so long....

[blankslate]

http://betanews.com/2016/05/10/android-security-investigation-fcc-ftc/

Both the Federal Communications Commission (FCC) and Federal Trade Commission (FTC) are starting to ask the questions that Android users have been asking for years: why do updates and upgrades take so long to roll out?

If you're in possession of a flagship or recent handset, the chances are you're in line to receive timely updates for the foreseeable future. But Android's fragmentation means that older handsets quickly drop off the radar, get forgotten and remain unpatched. The FCC and the FTC both want to know why security patches are slow to hit phones, and the agencies have launched separate, but parallel, investigations.

The FTC has issued orders to a number of handset manufacturers (Apple, Blackberry, Google, HTC, LG, Microsoft, Motorola, and Samsung) seeking details about their security patching processes. Specifically, the agency wants to know what factors influence whether a particular smartphone or tablets receives a particular patch. It is also looking for a breakdown of all handsets released since August 2013, the vulnerabilities each was affected by, and which security problems were fixed.

http://www.computerworld.com/articl...quiries-into-smartphone-security-updates.html

The U.S. Federal Communications Commission and Federal Trade Commission have opened parallel inquiries into the way smartphone security updates are issued and handled by major mobile carriers and device makers.

The two agencies say they are responding to the growing amount of personal information held in smartphones and a recent rise in the attacks on the security of that information.

< hold until June for CW lead art > hidden potential value chess pawn bishop thinkstock
7 ways to get the most from your vendors
Strategies have changed dramatically in the past few years, with new approaches like consolidating your
READ NOW
The FCC has sent letters to AT&T, Verizon, T-Mobile, Sprint, and U.S. Cellular asking for information on their processes for reviewing and releasing security updates for mobile devices. The FTC has asked for similar information from Apple, Blackberry, Google, HTC, LG, Microsoft, Motorola, and Samsung.

The companies, which control the vast majority of mobile contracts and smartphone handsets sold in the U.S., have 45 days to respond, at which time the two agencies will analyze the responses and share data with each other.

The inquiries haven't risen to the level of a formal investigation or rulemaking, but they could depending on what is discovered.

"We're attempting to get an assessment on the state of what carriers do to push out patches for device vulnerabilities, how quickly they do it, and what are some of the barriers and challenges they have," said Neil Grace, a spokesman for the FCC.

This highlights an undeniable advantage IOS has over the Android OS, in terms of the effort required to patch an OS over different phones.

Maybe these inquiries will push cell phone manufacturers to push the Google patches to Android faster and for older phones.



______________________

 

[lxskllr]

Maybe these inquiries will push cell phone manufacturers to push the Google patches to Android faster and for older phones.



______________________

Why? The user can just compile the fix, and install it themsel... Oh, wait...

 

[shabby]

Google needs to grow some balls and separate the os from the oems and carriers so they can patch and upgrade every phone by themselves and not rely on anyone else delaying updates.
Could of swore there was some background/foreground system separation talk with android N but can't find the article.

 

[luv2liv]

Because the FBI/NSA don't want people to have secure phones?

 

[master_shake_]

because carriers have to strip out the features they want you to pay for.

i.e tethering and call display which your phone will do all by it's self but greedy telecoms won't allow it.

 

[StrangerGuy]

I don't know why the Feds are even asking this. Anyone who can connect the dots can see the entire point of Android is for Google to spam disposable phones onto the market with little regards to security, and their 80+% market share Android and proprietary Gapps should open Google up for antitrust investigations when judged by how much antitrust flack MS received back in 90/00s.

 

[dawheat]

I don't know why the Feds are even asking this. Anyone who can connect the dots can see the entire point of Android is for Google to spam disposable phones onto the market with little regards to security, and their 80+% market share Android and proprietary Gapps should open Google up for antitrust investigations when judged by how much antitrust flack MS received back in 90/00s.

Android is significantly different than search preference that Google is rightfully being taken to task for. Market share alone doesn't determine this.

- It's been a compelling argument that Android has both lowered the cost of smartphones along with increasing the quality. When you see $99 quality Android phones and excellent $200 phones, it's difficult to make an argument that consumers are being harmed

- You'd also have to prove that consumers are being harmed by bundling Google Apps. It's not like MS pushing an inferior browser on users - I think it'd be quite difficult to prove that given current alternatives, consumers would generally be better served using alternatives.

Basically can you make a strong case for customer harm in Android and that they would have been better served with competing products? Considering that the cheapest iPhone previously was $450, that's an awful big hill to climb to prove that many users would have been better served with a non-smartphone.

 

[blankslate]

Why? The user can just compile the fix, and install it themsel... Oh, wait...

With some phones that's possible. Not all.


_______________

 

[Commodus]

The issue isn't so much fragmentation as OEMs and carriers not living up to their end of the bargain. Remember how Google has more than once tried to get companies to offer timely upgrades, only for most of them to skip out on the pledge or face setbacks with carriers?

Apple's advantage isn't just that it controls both the hardware and software, but that it got carriers to give it much more control over when and how updates roll out. There's no staggered rollouts, no weeks-long testing phases (not in public, anyway), no excuses... when it's ready, it's ready for everyone.

 

[Raduque]

They need to investigate the carrier cartel.

 

[ThisIsChrisKim]

I don't know why the Feds are even asking this. Anyone who can connect the dots can see the entire point of Android is for Google to spam disposable phones onto the market with little regards to security, and their 80+% market share Android and proprietary Gapps should open Google up for antitrust investigations when judged by how much antitrust flack MS received back in 90/00s.

Android's monthly security patches for Nexus phones (and whoever else is interested in pushing them--seems like Samsung is one of the few that seems to provide at least semi-regular updates to some devices) seems to disagree with your assertion that Google themselves have little care for security.

 

[tsupersonic]

Android's monthly security patches for Nexus phones (and whoever else is interested in pushing them--seems like Samsung is one of the few that seems to provide at least semi-regular updates to some devices) seems to disagree with your assertion that Google themselves have little care for security.

I've seen Samsung just started doing this with GS7/Edge. Do you think they will push out monthly security updates for 2 years? My vote is no. When the GS8 comes out, they'll want people to upgrade to the latest and greatest.

This doesn't account for older Samsung devices either, and let's not throw in carrier locked devices...

 

[Compman55]

I sure hope someone can force the issue. I bought a new Samsung galaxy J1 in april, and it had and aug 2015 patch level. Stuck on 5.1.1 forever. Unacceptable out of the box.

I have an October 2014 LG G3 with a mar 2016 patch level. None of this makes sense. New out of box with a very old patch level, then a old stone age device with the near latest. Hopefully a regulation can be created to mandate updates for 2 yrs. I would be happy with this. Most phones can last even longer than this.

 

[maevinj]

I'm guessing this is just an Android issue, as Windows 10 mobile can receive OS updates OTA without carrier approval.

 

[Commodus]

I sure hope someone can force the issue. I bought a new Samsung galaxy J1 in april, and it had and aug 2015 patch level. Stuck on 5.1.1 forever. Unacceptable out of the box.

I have an October 2014 LG G3 with a mar 2016 patch level. None of this makes sense. New out of box with a very old patch level, then a old stone age device with the near latest. Hopefully a regulation can be created to mandate updates for 2 yrs. I would be happy with this. Most phones can last even longer than this.

What bugs me the most about Android OEMs' update policies is that they're often contingent on the sophistication of the phone you're buying. It's as if you're punished for living in the wrong part of the world, or for not trying hard enough in school. Oh, you're a middle-class Indian? Sorry, your brand new phone will be outdated and insecure within six months.

I would be delighted if the FCC and FTC forced phone makers to provide something approaching Apple's level of support. In this case, I like the idea of a two-year support minimum and requiring timely delivery of security updates. It'd prevent Android vendors from purposefully abandoning customers, and make them build phones that they can reasonably expect to maintain beyond minor patches.

 

[dawheat]

What bugs me the most about Android OEMs' update policies is that they're often contingent on the sophistication of the phone you're buying. It's as if you're punished for living in the wrong part of the world, or for not trying hard enough in school. Oh, you're a middle-class Indian? Sorry, your brand new phone will be outdated and insecure within six months.

I would be delighted if the FCC and FTC forced phone makers to provide something approaching Apple's level of support. In this case, I like the idea of a two-year support minimum and requiring timely delivery of security updates. It'd prevent Android vendors from purposefully abandoning customers, and make them build phones that they can reasonably expect to maintain beyond minor patches.

Have to disagree here - Android certainly has to get better in this respect, but there also have to be accommodations for the price point you're buying into.

The Samsung J1 is a $70 phone at Walmart right now - to expect multi-year software updates at that price point is pushing it. However buying higher end phones should come with higher expectations and support.

I don't think those folks would be better served using a dumbphone at that price point - certainly Apple doesn't provide any options here, nor do they want to. But at Apple's flagship only pricing, superior support should be expected. Most flagship Android phones should be taken to task for their generally poor update support.

 

[quikah]

Have to disagree here - Android certainly has to get better in this respect, but there also have to be accommodations for the price point you're buying into.

The Samsung J1 is a $70 phone at Walmart right now - to expect multi-year software updates at that price point is pushing it. However buying higher end phones should come with higher expectations and support.

Why? You can buy a new $30 Microsoft Lumia 640 at Best Buy right now and install the latest Windows 10 mobile release on it.

 

[Commodus]

Have to disagree here - Android certainly has to get better in this respect, but there also have to be accommodations for the price point you're buying into.

The Samsung J1 is a $70 phone at Walmart right now - to expect multi-year software updates at that price point is pushing it. However buying higher end phones should come with higher expectations and support.

I don't think those folks would be better served using a dumbphone at that price point - certainly Apple doesn't provide any options here, nor do they want to. But at Apple's flagship only pricing, superior support should be expected. Most flagship Android phones should be taken to task for their generally poor update support.

Well, it'd be a careful balance, I think. One year would be reasonable for a phone that inexpensive. Mid-range and above, however, should really be two years. You have the horsepower!

 

[Compman55]

I am not saying get free OS upgrades on cheap devices, but security upgrades should be pushed to every model regardless of price point for a certain time frame. I would say 2 years would be good. To be fair, why should someone at a lower income risk data hacking because they cannot afford a flagship? I still maintain a 2006 era Core 2 Duo laptop for someone and they can keep it up to date until windows is discontinued.

 

[Artdeco]

Not Google's fault, it's the carriers and the manufacturers...

 

[quikah]

Not Google's fault, it's the carriers and the manufacturers...

Google designed the system, they share some of the blame.

 

[ControlD]

I guess we'll see if anything comes out of this, but I doubt it.

As much as I would like to have a shiny new S7 or similar phone, the update issue is why I will never have one. At least not with a carrier that requires a locked boot loader (Verizon). the average consumer seems to not care much about updates I guess because those shiny new phones seem to be selling quite well.

 

[Commodus]

Not Google's fault, it's the carriers and the manufacturers...

Well, it is and it isn't. Carriers and OEMs usually create the delays, but Google also bears some responsibility for neither designing Android to minimize those delays nor making Apple-like arrangements that prevent companies from arbitrarily stalling releases.

One of the bigger mistakes Google made early on was hewing too slavishly to Andy Rubin's absolutist "we're open! Open open open!" philosophy. That created the same problem that many open source projects face: a laissez-faire policy sounds good in theory, but in practice it leads to partners pulling the project in all kinds of selfish directions that ultimately hurt users. It's better to have some sort of control over partners so that you don't end up in a situation like this, where companies delay OS updates for months or purposefully skip them in a bid to make you buy a new phone sooner.

 

[Red Storm]

First off If you want to compare Google to Apple, you have to compare Nexus phones to iPhones. If someone truly values frequent, timely updates, they should vote with their wallets instead of just buying the device with the lowest price tag. I definitely think the situation could be improved, but when you go out and buy an el-cheapo device expecting it to have the same level of support as a flagship device, well... you get what you pay for. Any improvements made to the current system would be great, but until then, those who care should vote with their wallets.

 

[Artdeco]

For Android to take off, Google had to make some trade offs, unfortunately, one of them was to give the manufacturers and carriers so much control over updates and security patches.

Manufacturers and carriers have no motivation to update, if you end up with a bug riddled phone, you buy a new one, and they make more $. Plus there are so many different phones, and so menu tweaks by the manufacturers and carriers, it becomes a Herculean task to keep up with the updates.

Doubt that Google can fix this any time soon, I strongly prefer the nexus phones because of Google's support.

<-hugs giant nexus 6.