The American Civil Liberties Union Foundation, the non-partisan organization dedicated to the constitutional principles of liberty and equality, has filed a mobile security complaint with the Federal Trade Commission.
The ACLU claims that the four major mobile carriers — AT&T, Verizon, T-Mobile, and Sprint — are not doing enough to protect users’ private and personal data related to security updates on their Android devices. The ACLU says the mobile providers are all using a “deceptive and unfair business practice” — but what exactly are they doing?
The ACLU claims that even though Google (which creates and maintains the Android operating system) has published Android security updates, the mobile providers themselves have not sent clear notices to consumers. The formal complaint to the FTC includes the following claims:
“The wireless carriers have failed to warn consumers that the smartphones sold to them are defective, that they are running vulnerable software, and that other smartphones are available that receive regular, prompt updates to which consumers could switch.”
The ACLU says a significant number of consumers are using smartphones running a version of the Android operating system with known, exploitable security vulnerabilities for which fixes have been published by Google, but have not been distributed to consumers’ smartphones by the wireless carriers and their handset manufacturer partners.
“Android smartphones that do not receive regular, prompt security updates are defective and unreasonably dangerous. As the FTC has acknowledged, security vulnerabilities on consumers’ mobile devices may be used “to record and transmit information entered into or stored on the device … to target spearphishing campaigns, physically track or stalk individuals, and perpetrate fraud, resulting in costly bills to the consumer … [and to misuse] sensitive device functionality such as the device’s audio recording feature … to capture private details of an individual’s life.”
It is estimated that 53% of the smartphones used by wireless subscribers in the United States run Google’s Android operating system. In the 4th quarter of 2012, an estimated 70% of the new smartphones shipped to consumers worldwide were Android devices.