Feeds

Feds urged to probe four US cell big boys over Android holes

Security threat means 'unfair and deceptive business practices'

Boost IT visibility and business value

Updated The four biggest US cell networks could face a government probe, following allegations that security updates for Android smartphones have been held back, leaving millions of Americans vulnerable to hackers.

The American Civil Liberties Union (ACLU) has formally asked the Federal Trade Commission (FTC) to conduct an investigation and act on what it calls "deceptive and unfair business practices" by the carriers. The ACLU singled out AT&T, Verizon Wireless, Sprint Nextel, and T-Mobile USA, which together own 94 per cent of the US wireless market and have 300 million subscribers.

"A significant number of consumers are using smartphones running a version of the Android operating system with known, exploitable security vulnerabilities for which fixes have been published by Google, but have not been distributed to consumers," the ACLU stated.

The pressure group added that the telcos have failed to warn customers that their cell phones were vulnerable to hacking, and that other mobiles are available that receive regular and prompt updates – a fact that might persuade customers to switch providers. The unpatched security bugs, left lying around in old versions of Android, can be exploited to take control of the device or snoop on the user.

The ACLU filed an official request for investigation and a complaint for injunctive relief to the FTC this week in Washington DC. The group wants telcos to warn subscribers that their phones are running on out-of-date and insecure versions of Google's Android. They also want carriers to give worried customers the option to ditch their vulnerable handsets by breaking their contracts early.

The paperwork was written by Chris Soghoian – the ACLU's principal technologist and a senior policy analyst within the group's speech, privacy and technology project – and Ben Wizner, the director of the project. You can read the document here (PDF).

Android runs on 68 per cent of the world's smartphones, according to IDC research, but Google admits that fewer than half of those 'droid handsets use the latest version of its mobile operating system. Just two per cent of Android phones use the most up-to-date release of Android, 4.2.x, compared to 44 per cent running Android 2.3.

The ACLU pointed out that the slow rate of adoption of Android 4.2.x is not the fault of users, but of the carriers which are not pushing out software updates for customers' phones.

Unless the smartmobe comes direct from Google, as does the Nexus, the copy of Android it's running can only be updated over the carrier's own network. But, says the ACLU, the carriers are not updating Android. With neither Google nor the carriers acting, 'millions of smartphone users are left in the dark.

The Google Play Store, however, can deliver over-the-air updates to Android-powered gear. Mozilla, Google, and Opera have released updates to the Firefox, Chrome, and Opera browsers via the online software shop.

"To date," the ACLU stated, "the major wireless carriers have failed to warn their customers about known vulnerabilities in the default Android browser, nor informed them about the availability of other web browsers for Android, including Chrome, Firefox and Opera which receive regular security updates."

Responding to the ACLU's allegations, Verizon Wireless told The Register that it "thoroughly" tested every update before delivering it to customers. "We work closely with our OEM partners and provide mandatory updates to devices as quickly as possible, giving attention and priority to ensuring a good and secure customer experience," a spokesman said.

A Sprint Nextel spokesperson told us that the telco "follows industry standard best practices" to protect its customers. A spokesperson for T-Mobile said the company takes security "very seriously, and regularly provides security updates to our customers, including those using the Android operating system."

AT&T gave us a statement attributed to CTIA cybersecurity and technology vice president John Marinho issued on behalf of the whole industry claiming that US wireless networks "are among the most secure in the world."

"CTIA and its members are constantly investing in their networks to guard against cyberattacks. We will continue to work with all interested parties so that U.S. wireless users are able to have the best experience possible," Marinho said.®

This article has been updated with additional comment from AT&T and T-Mobile.

The Essential Guide to IT Transformation

More from The Register

next story
Scotland's BIG question: Will independence cost me my broadband?
They can take our lives, but they'll never take our SPECTRUM
Bring back error correction, say Danish 'net boffins
We don't need no steenkin' TCP/IP retransmission and the congestion it causes
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
NBN Co adds apartments to FTTP rollout
Commercial trial locations to go live in September
Samsung Z Tizen OS mobe is post-phoned – this time for good?
Russian launch for Sammy's non-droid knocked back
Telstra to KILL 2G network by end of 2016
GSM now stands for Grave-Seeking-Mobile network
Seeking LTE expert to insert small cells into BT customers' places
Is this the first step to a FON-a-like 4G network?
What FTC lawsuit? T-Mobile US touts 10GB, $100 family-of-4 plan
Folks 'could use that money for more important things' says CEO Legere
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.