Skip to main content

FTC and FCC shine a light on mobile security updates

switching from an iPhone to an Android device
Image used with permission by copyright holder
Google began issuing monthly security updates for Android ever since the Stagefright bug was exposed, and companies like Samsung, LG, and Sony committed to the program to also issue updates to their Android devices.

But how exactly are these updates moving along? What is the process of deciding which phones get updates? Do manufacturers communicate to software developers when there are threatening vulnerabilities? These are questions the Federal Trade Commission and the Federal Communications Commission want to find out.

The FTC has issued orders to eight companies, seeking more information about “how they issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices.” And the list of companies aren’t restricted to Android device manufacturers.

The orders were sent to Apple, Google, Microsoft, BlackBerry, Samsung, LG, Motorola, and HTC. The requests for information cover topics such as when a company decides to disclose a vulnerability to consumers, whether companies offer unlocked variants of devices, what security testing processes each company follows, and more.

“There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device, including ‘Stagefright’ in the Android operating system, which may affect almost 1 billion Android devices globally,” the FCC said in a blog post.

For operating systems like Android, however, a large reason as to why updates don’t reach consumers is because of carriers. Many carriers delay pushing updates for a considerable length of time, and usually wait for big operating system updates. The FCC has reportedly sent out orders to carriers as well in a separate but parallel inquiry.

The FTC and the FCC want to spotlight the significant delays from device manufacturers and carriers in addressing vulnerabilities, to protect consumers from security threats. The move is undoubtedly positive for consumers — if federal action is taken to improve the time in which manufacturers and carriers push updates, that means more people will be running secure operating systems with fewer vulnerabilities.

If that type of action takes place, it would also be a considerable boon for Google, as it could potentially fix Android’s fragmentation problem.

Editors' Recommendations

Julian Chokkattu
Former Digital Trends Contributor
Julian is the mobile and wearables editor at Digital Trends, covering smartphones, fitness trackers, smartwatches, and more…
Android rebrands mobile security measures under one umbrella
In hand picture of Samsung Galaxy S22

Android's security branding has never been particularly strong, but a new initiative by the company seems to be changing that by putting all branches of Android security under one umbrella. Posted to the official Android YouTube channel today, a video titled Protected by Android introduces the new branding of the same name.

To be blunt: There's not much to it yet. Protected by Android is just a phrase that the company seems to be using as a catch-all for its security measures. The phrase appears as the title of the video and in the web address at the very end which promotes, a link to the "Safety" tab of Android's official website.

Read more
Apple update adds more antistalking tools to AirTags
Apple Air tag

Apple is rolling out more antistalking tools with the next update to iOS 15, coming in the next few weeks, according to a report from MacRumors. The new update will include messaging to warn users that stalking with AirTags is a crime, as well as other features that will make it more obvious when an AirTag is traveling with you.

These changes are relatively small, but they are the first of a few changes Apple had promised would be coming down the line. "Unwanted tracking has long been a societal problem, and we took this concern seriously in the design of AirTag. It’s why the Find My network is built with privacy in mind, uses end-to-end encryption, and why we innovated with the first-ever proactive system to alert you of unwanted tracking. We hope this starts an industry trend for others to also provide these sorts of proactive warnings in their products," Apple said in a blog post.

Read more
Apple’s iOS 15.3 update fixes critical Safari security bug
iPhone showing Home Screen with widgets resting on soft white cloth background.

Apple has just released iOS 15.3, and while this latest update doesn’t add any significant new features, it addresses at least one critical security flaw. Earlier this month, software engineer Martin Bajanik of FingerprintJS found a serious vulnerability in Safari 15, the browser included in iOS 15 and iPadOS 15, that could leak browsing history information and even credentials from online services that a person is using, such as Google, YouTube, Amazon, and sites using WordPress.

As Bajanik explains, many websites use an API called IndexedDB to request that browsers like Safari and Chrome store information in a local database on a person’s device. Under normal circumstances, a given website should only be able to request information about the databases that it created — any others should be invisible to it.

Read more