Because security is always of the utmost importance, but maybe even more so today on mobile because we all have a smartphone and use it for everything we do, the FCC wants to figure out why it’s taking carriers and manufacturers such a long time to get you updates, namely security patches. Yesterday, through a press release, the FCC announced that it is partnering with the FTC to open an inquiry into mobile device security updates. The basic idea here is that they want carriers and manufacturers to tell them their process for updating, to see what can be improved.
The announcement from the FCC name-drops Stagefright as an example, a vulnerability that really had the potential to be a disaster for many people, but has since been patched a number of times by Google. Stagefright was such a big deal during much of last year that companies like Google, Samsung, and LG all promised monthly security patches to try and protect users going forward. Unfortunately, not everyone got on board with the monthly schedule and there could be millions of vulnerable people still to date with older devices that are no longer supported by OEMs or carriers.
The FCC sent letters carriers with questions about the processes for “reviewing and releasing security updates for mobile devices.” They want to know things like, if the carrier faces issues or hurdles in releasing updates, if there are hurdles getting users to install new updates, if carriers know if updates have been installed, and if security vulnerabilities in mobile devices pose threats to their networks. They also want to know all of the parties involved in getting an update ready and pushed out, how this process works differently from one operating system to the next, and when do carriers cut off security patch support for devices.
I can’t help but applaud the FCC for probing carriers over security updates, but will say that many of them have become quite good at getting out the monthly patches that start with Google and then carry on through companies like Samsung, LG and HTC. Thankfully, the FTC says that it is going after eight phone manufacturers (Apple, Blackberry, Google, HTC, LG, Microsoft, Motorola Mobility, and Samsung) to find out similar information. That’s a good thing, because there are certainly a couple that need to get with the program.
All parties have 45 days to respond to the FCC and FTC, so it could be a while before we know anything, including findings, thoughts, and if there are going to be recommendations for improving the entire process.