US regulators probe Apple, Google, Verizon & others on security patches

A variety of wireless carriers and smartphone and tablet makers, including Apple, are reportedly being asked by U.S. regulators to explain how they review and push out security updates to their customers.

The issue is being examined by both the Federal Communications Commission and the Federal Trade Commission, Bloomberg said. The FCC has sent out letters to AT&T, Verizon, T-Mobile, Sprint, U.S. Cellular, and TracFone Wireless. The FTC, meanwhile, has issued orders to Apple, Google, BlackBerry, HTC, LG, Microsoft, Motorola, and Samsung.

At stake are the potential vulnerabilities left open by delaying a fix. While Google regularly updates Android, for instance, companies like HTC and Samsung often use custom skins and apps that can postpone those changes coming to their own devices — if they arrive at all, in the case of older hardware. Carriers can sometimes impose their own delays on when updates reach customers.

As an example, the FCC made specific reference to Android's "Stagefright" vulnerability, which it said could be affecting up to a billion devices. Google has worked to patch the problem, but many devices may still be at risk because of slow third-party support.

Both Apple and Google issue point releases to fix critical bugs and vulnerabilities, but will also sometimes hold off on less serious problems until code can be wrapped into a planned update.

The FTC said that the information it wants includes the factors used in deciding whether to patch a hole, details on devices sold since August 2013, and which vulnerabilities have impacted those products, as well as whether they've been solved.



12 Comments

r00fus1 8 Years · 65 comments

Yesss! It's pitiable that Android handset manufacturers can get away with delaying critical security patches for months (that is months after Google patches Android which may take weeks or months as well) while raking in billions in revenue selling insecure devices. I have friends and family who will never own Apple devices, and while I think Apple devices are more secure, those who use Android shouldn't be made to suffer because their manufacturer is playing fast and loose with updates.

foggyhill 10 Years · 4767 comments

In the case of Android, they didn't give a fuck about their customer when they set up their OS; and now they blame the OEM who makes 2% of their phones while being slaves to Google...

Google by not allowing OEMs to fork Android has removed the incentive for them to sell anything but new phones.

People like you keep getting Google off the hook when they're mostly responsible for this shit happening in the first place.

lkrupp 19 Years · 10521 comments

Wait... What? The government is investigating whether technology companies issue security patches in a timely manner, and then turns right around and demands back doors to get around those very patches so they can hack a device at will? Is that what’s going on here? And they want to know about any vulnerabilities and whether they have been solved? Isn’t that just giving the henhouse key to the fox?

foggyhill 10 Years · 4767 comments

r00fus1 said:
Yesss! It's pitiable that Android handset manufacturers can get away with delaying critical security patches for months (that is months after Google patches Android which may take weeks or months as well) while raking in billions in revenue selling insecure devices. I have friends and family who will never own Apple devices, and while I think Apple devices are more secure, those who use Android shouldn't be made to suffer because their manufacturer is playing fast and loose with updates.

Get a clue, the reason it's like that is that OEM and phone company can barely make a buck off new phones let alone supporting old phones and Google fucked up in the way they initially created the OS.

Not allowing OEMs to actually be able to take control of their own version of Android (thus antitrust investigations) explains why they don't give a crap.

Google set up things to be the way they are and now you're whining about the OEM not spending their last bit of profits supporting old phones!

If the OEMs have to lose money to support those old phones, most will just fold and there will be no selection left in the Android space at all except maybe conglomerates like Samsung and LG.

adrayven 12 Years · 460 comments

foggyhill said:
r00fus1 said:
Yesss! It's pitiable that Android handset manufacturers can get away with delaying critical security patches for months (that is months after Google patches Android which may take weeks or months as well) while raking in billions in revenue selling insecure devices. I have friends and family who will never own Apple devices, and while I think Apple devices are more secure, those who use Android shouldn't be made to suffer because their manufacturer is playing fast and loose with updates.
Get a clue, the reason it's like that is that OEM and phone company can barely make a buck off new phones let alone supporting old phones and Google fucked up in the way they initially created the OS.

Not allowing OEMs to actually be able to take control of their own version of Android (thus antitrust investigations) explains why they don't give a crap.

Google set up things to be the way they are and now you're whining about the OEM not spending their last bit of profits supporting old phones!

If the OEMs have to lose money to support those old phones, most will just fold and there will be no selection left in the Android space at all except maybe conglomerates like Samsung and LG.

Get a clue.. Android allowed that until 4.0, and it was HORRIFIC.. OEM's having control doesn't mean they will do crap. They just let things fall behind even further..

It wasn't until Google stepped up and started pushing that HTC ACTUALLY started pushing out updates.. I remember the first versions of the HTC Android phones from Sprint. They got 2, read it, 2 minor updates and then they realized if they kept updating people might not buy new..

OEMs have never had much incentive period. Trying to make it sound like Google is the reason is stupid. Also, Google doesn't control the cost of hardware or the market's costs.. They have never charged any of the OEMs for the OS either.. The profits, or lack thereof, is completely on the OEMs.

That's like saying that a free car is the reason you're late for work. Bulk of the responsibility is on the OEM, not Google. Google can only hand them the tools to do it right, they can only push so much before it's up to the OEM to do the right thing.