ACLU files FTC complaint against carriers over Android security updates

Alex Wagner
Editorial Director of News and Content from Omaha, NE
Published: April 17, 2013

Android figure close

It's no secret that, unless you're rocking an Android phone or tablet that bears the Nexus branding, it can take some time to get software updates pushed to your device. While this usually just leads to users being upset about missing out on new features because they're not running the latest version of Android, it can also cause consumers to be left with open vulnerabilities on their devices because they have security holes that are open longer than they should be. The American Civil Liberties Union recognizes this and has filed a complaint with the Federal Trade Commission asking that the four major U.S. carriers be investigated for failing to properly warn their subscribers about unpatched vulnerabilities on their devices.

In its 16-page complaint, the ACLU argues that there is a "significant number of consumers" running outdated, vulnerable software on their Android phones because the carriers and manufacturers have not distributed updates to fix them, even if Google has patched the issues itself. The ACLU goes on to say that the wireless operators fail to let their customers know about these vulnerabilities, and as a result, their actions constitute deceptive and unfair business practices.

As a result of what it feels are unfair business practices, the ACLU asks that the FTC force the carriers to begin educating their users about the existence of unpatched security holes as well as any steps that consumers can take to protect themselves against these issues. The ACLU also says that the wireless operators should allow any subscribers that are under contract with an Android phone that hasn't received quick, regular security updates to be freed of their contract without an early termination fee.

Finally, the ACLU wants carriers to allow consumers with carrier-supplied Android phones that are less than two years old and haven't received regular security updates to either exchange their existing phone for a new one from Apple, Google or Microsoft that will receive prompt updates, or straight up return the phone for a full refund.

While it's good to see that the ACLU is fighting for consumers to get speedier, more regular security updates on their Android phones, we'll just have to wait and see if this FTC complaint actually accomplishes anything. The big U.S. carriers aren't exactly known for making major policy changes at the drop of a hat, so you can be sure that they'll fight back against the complaint and argue that because updates must be tested before release, they already push out updates as quickly as they can. For now we'll just have to sit by and see how this situation plays out. What do you think of the ALCU's argument? Do the major wireless carriers deserve to be investigated for failing to warn their subscribers about unpatched vulnerabilities on their phones?

Via GigaOM, ACLU blog post, ACLU complaint