ACLU files FTC complaint about Android security
Is the American Civil Liberties Union an iPhone shop, or is the organization really looking out for your best interests? I ask because the complaint filed yesterday with the Federal Trade Commission (and revealed today) is the kind of marketing Apple probably couldn't afford. This thing is a goldmine of FUD (you know, fear uncertainty and doubt) -- Christmastime good, when Santa packs the room with presents and they're all for you.
But, wait, Google gets gifted, too! Because the complaint is more about carriers dragging their bums updating Android than any fundamental security problem with the platform. The operating system has "known, exploitable security vulnerabilities for which fixes have been published by Google, but have not been distributed to consumers’ smartphones by the wireless carriers and their handset manufacturer partners", according to the legal filing.
The 16-page complaint is a wonder. The FTC is charged with protecting consumers, for which the ACLU accuses U.S. carriers inflict much harm by way of Android phones: Devices "that do not receive regular, prompt security updates are defective and unreasonably dangerous".
There's a well-spring of FUD marketing for Apple here. "The wireless carriers have failed to warn consumers that the smartphones sold to them are defective, that they are running vulnerable software, and that other smartphones are available that receive regular, prompt updates to which consumers
could switch", the ACLU complaint states. Apple makes the majority of handsets sold in the United States receiving timely updates. Google ranks second with devices like Nexus 4.
But there is plenty of goodwill for Google, which struggles to get carriers and manufacturers to update Android in timely fashion. Only one-quarter of Android devices accessing Google Play in the 14 days before April 2 run current version Jelly Bean, which released in July. ACLU does Google goodness by demanding that carriers are accountable for releasing updates that, at the least, patch vulnerabilities.
"The slow rate of adoption of the most recent versions of Android does not reflect a failure by consumers to seek out and install operating system updates", according to the complaint. "Instead, it reflects the fact that for most Android smartphones in use, updates to the most recent version of the operating system simply have not been made available for consumers to install".
Unsurprisingly, ACLU demands change, and as I read the document so beneficial to Google maybe I should wonder if the group is an Android shop -- or if the search-and-information giant isn't somehow involved here. I ask in part because the section about browsers could have been written by a Google marketer: "The majority of Android phones used by consumers are also running an out of date, insecure version of the default Android web browser". Well, maybe Google wouldn't so strongly word such a sentence but benefits if more people use Chrome mobile.
The complaint singles out major cellular carriers -- AT&T, Sprint, T-Mobile and Verizon Wireless.
"If the mobile carriers are not going to provide important security updates, the FTC should at a minimum force them to provide device refunds to consumers and allow consumers to terminate their contracts without penalty so that they can switch to a provider who will", Chris Soghoian, ACLU senior policy analyst, says today.
The ACLU requests that the Commission investigate the major wireless carriers and enjoin their unfair and deceptive business practices. Specifically, the ACLU requests that the Commission:
A. Compel the major wireless carriers to warn all subscribers using carrier-supplied Android smartphones with known, unpatched security vulnerabilities about the existence and severity the vulnerabilities, as well as any reasonable steps those consumers can take to protect themselves, including purchasing a different smartphone.
B. Compel the major wireless carriers to permit consumers under contract who are using carrier-supplied Android smartphones which have not received prompt, regular security updates to end their contracts early, without any early termination fee.
C. Compel the wireless carriers to permit consumers who are using carrier-supplied Android smartphones less than two years old which have not received prompt, regular security updates to either:
- Exchange, at no cost, their existing device for another phone that will receive prompt, regular updates directly from Apple, Google, Microsoft or another mobile operating system vendor.
- Return the phone and receive a full refund of the original purchase price.
If you're looking for an excuse to get out of your contract and switch to iPhone or another Android, ACLU may offer a way.