[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ale] ACLU Files Complaint With FTC Over Android Security Updates
- Subject: [ale] ACLU Files Complaint With FTC Over Android Security Updates
- From: neal at mnopltd.com (Neal Rhodes)
- Date: Sun, 21 Apr 2013 20:23:55 -0400
- In-reply-to: <[email protected]>
- References: <[email protected]>
yes. the ACLU taking this up seems odd.
However, I've seen a graph somewhere showing that essentially all
iPhones ever made can be updated the current versions of IOS.
But Android phones are a totally different story. Once the carrier
stops selling them, they get abandoned and rarely get security
i'm not an Apple fan, but the different was quite striking.
On Sat, 2013-04-20 at 22:41 -0400, James Taylor wrote:
> This seems releveant, considering recent conversations...
> From the latest Security Alerts Network Newsbites newsletter.
> "--ACLU Files Complaint With FTC Over Android Security Updates
> (April 17, 2013)
> The American Civil Liberties Union (ACLU) has filed a complaint with the
> US Federal Trade Commission (FTC) asking that the agency investigate
> major wireless phone service carriers for failing to deliver updates for
> known security issues in the Android operating system. The complaint
> alleges unfair and deceptive business practices for failing to
> distribute the patches and failing to inform customers that their
> devices are vulnerable to attacks. While Google has issued updates for
> the flaws, the carriers have not pushed them out in a timely manner.
> Apple issues its own updates for its phones, but individual carriers
> bear the responsibility of pushing out Android fixes.
> Text of Complaint:
> [Editor's Note (Pescatore): I think "Politics makes for strange
> bedfellows" comes from Shakespeare, but it sure applies here: the ACLU
> filing complaints about security issues? But I like their angle: if the
> carriers don't push out security patches to the phones, they are not
> honoring their side of the contracts they lock people into and thus the
> contracts should be invalidated. Nice incentive for the carriers to more
> regularly update Android phones. But this also points out the security
> advantages of the Apple and Blackberry model, where the hardware and
> software come from one vendor who does push out updates regularly, vs.
> the Android (and Windows PC) model where the user is on their own.
> (Northcutt): Kudos to our story collector, Kathy Bradford! This is a
> big story and everyone dealing with BYOD and MDM (Bring your own device
> and mobile device management) has skin in the game.
> (Shpantzer): Google could learn from Apple's closed ecosystem and
> enforce discipline in the Android Telco/OEM ranks. Fragmentation is
> theoretically good for security against mass malware (not a monoculture,
> hard to test on infinite number of hw/sw permutations), but old and
> terminally vulnerable versions of Android persist for months or even
> years, whereas new Apple iOS versions have 90% penetration in a matter
> of days or weeks.]"
> Ale mailing list
> Ale at ale.org
> See JOBS, ANNOUNCE and SCHOOLS lists at
-------------- next part --------------
An HTML attachment was scrubbed...