[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] ACLU Files Complaint With FTC Over Android Security Updates

yes. the ACLU taking this up seems odd.  

However, I've seen a graph somewhere showing that essentially all
iPhones ever made can be updated the current versions of IOS. 

But Android phones are a totally different story.   Once the carrier
stops selling them, they get abandoned and rarely get security

i'm not an Apple fan, but the different was quite striking. 

Neal Rhodes

On Sat, 2013-04-20 at 22:41 -0400, James Taylor wrote:

> This seems releveant, considering recent conversations...
> -jt
> From the latest Security Alerts Network Newsbites newsletter.
> "--ACLU Files Complaint With FTC Over Android Security Updates
> (April 17, 2013)
> The American Civil Liberties Union (ACLU) has filed a complaint with the
> US Federal Trade Commission (FTC) asking that the agency investigate
> major wireless phone service carriers for failing to deliver updates for
> known security issues in the Android operating system. The complaint
> alleges unfair and deceptive business practices for failing to
> distribute the patches and failing to inform customers that their
> devices are vulnerable to attacks. While Google has issued updates for
> the flaws, the carriers have not pushed them out in a timely manner.
> Apple issues its own updates for its phones, but individual carriers
> bear the responsibility of pushing out Android fixes.
> http://www.wired.com/threatlevel/2013/04/aclu-android-security-issue/
> http://www.h-online.com/security/news/item/ACLU-calls-for-FTC-investigation-into-carrier-Android-1844175.html
> http://arstechnica.com/security/2013/04/wireless-carriers-deceptive-and-unfair/
> http://www.washingtonpost.com/business/technology/2013/04/16/1d7364fc-a6c9-11e2-a8e2-5b98cb59187f_story.html
> Text of Complaint:
> http://www.aclu.org/files/assets/aclu_-_android_ftc_complaint_-_final.pdf
> [Editor's Note (Pescatore): I think "Politics makes for strange
> bedfellows" comes from Shakespeare, but it sure applies here: the ACLU
> filing complaints about security issues? But I like their angle: if the
> carriers don't push out security patches to the phones, they are not
> honoring their side of the contracts they lock people into and thus the
> contracts should be invalidated. Nice incentive for the carriers to more
> regularly update Android phones. But this also points out the security
> advantages of the Apple and Blackberry model, where the hardware and
> software come from one vendor who does push out updates regularly, vs.
> the Android (and Windows PC) model where the user is on their own.
> (Northcutt):  Kudos to our story collector, Kathy Bradford! This is a
> big story and everyone dealing with BYOD and MDM (Bring your own device
> and mobile device management) has skin in the game.
> (Shpantzer): Google could learn from Apple's closed ecosystem and
> enforce discipline in the Android Telco/OEM ranks.  Fragmentation is
> theoretically good for security against mass malware (not a monoculture,
> hard to test on infinite number of hw/sw permutations), but old and
> terminally vulnerable versions of Android persist for months or even
> years, whereas new Apple iOS versions have 90% penetration in a matter
> of days or weeks.]"
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20130421/081df397/attachment.html>