US regulators probe Apple, Google, Verizon & others on security patches
A variety of wireless carriers and smartphone and tablet makers, including Apple, are reportedly being asked by U.S. regulators to explain how they review and push out security updates to their customers.

The issue is being examined by both the Federal Communications Commission and the Federal Trade Commission, Bloomberg said. The FCC has sent out letters to AT&T, Verizon, T-Mobile, Sprint, U.S. Cellular, and TracFone Wireless. The FTC, meanwhile, has issued orders to Apple, Google, BlackBerry, HTC, LG, Microsoft, Motorola, and Samsung.
At stake are the potential vulnerabilities left open by delaying a fix. While Google regularly updates Android, for instance, companies like HTC and Samsung often use custom skins and apps that can postpone those changes coming to their own devices -- if they arrive at all, in the case of older hardware. Carriers can sometimes impose their own delays on when updates reach customers.
As an example, the FCC made specific reference to Android's "Stagefright" vulnerability, which it said could be affecting up to a billion devices. Google has worked to patch the problem, but many devices may still be at risk because of slow third-party support.
Both Apple and Google issue point releases to fix critical bugs and vulnerabilities, but will also sometimes hold off on less serious problems until code can be wrapped into a planned update.
The FTC said that the information it wants includes the factors used in deciding whether to patch a hole, details on devices sold since August 2013, and which vulnerabilities have impacted those products, as well as whether they've been solved.

Comments
Google, by not allowing OEMs to fork Android, has removed the incentive for them to sell anything but new phones.
People like you keep getting Google off the hook when they're mostly responsible for this shit happening in the first place.
Not allowing OEMs to actually be able to take control of their own version of Android (thus antitrust investigations) explains why they don't give a crap.
Google set up things to be the way they are and now you're whining about the OEM not spending their last bit of profits supporting old phones!
If the OEMs have to lose money to support those old phones, most will just fold and there will be no selection left in the Android space at all except maybe conglomerates like Samsung and LG.
It wasn't until Google stepped up and started pushing that HTC ACTUALLY started pushing out updates. I remember the first versions of the HTC Android phones from Sprint. They got 2, read it, 2 minor updates and then they realized if they kept updating people might not buy new...
OEMs have never had much incentive, period. Trying to make it sound like Google is the reason is stupid. Also, Google doesn't control the cost of hardware or the market's costs. They have never charged any of the OEMs for the OS either. The profits, or lack thereof, are completely on the OEMs.
That's like saying that a free car is the reason you're late for work. Bulk of the responsibility is on the OEM, not Google. Google can only hand them the tools to do it right, they can only push so much before it's up to the OEM to do the right thing.
Is it so they have a gold standard to compare all others to? To make it appear they aren't just targeting Android device makers?
Or are they really that clueless about how updates occur and are in for a rude awakening when they see the huge disparity between iOS and Android?
I mean really... the reasons are so obvious, I'm really surprised you are even implying that it would be better.
Android is a mess because Google wants consistency and the handset makers just want to wreck it for their own, personal gain. The handset makers proved to me that they would be the worst since it's obvious they have zero ability and/or incentive RIGHT NOW to update the OS on their older handsets. I mean really... WTF??
These are manufacturers who put out a myriad of devices, many of which only exist as a singular product, a carrier-specific sku or a one-time promotional differentiator. We're talking hundreds to thousands of models from each manufacturer.
There are simply insufficient resources to go over each and every Android device and patch them. The people who may be knowledgeable for such devices may have even moved on entirely.
The problem is mirrored by developing for Android, where similar fragmentation and inconsistent quality of sensors across devices force developers into lengthy testing and revision processes.
We're talking about a scenario where even the latest devices are not running a recent version of Android, and even receiving a single patch is of low probability.
1. The federal government has issued multiple sets of orders and guidance to enhance sharing of threat and vulnerability information between the public and private sectors.
2. The federal government is not releasing knowledge of the vulnerability used to hack into an iPhone so they can use it again.
3. The federal government is investigating Apple for how effective they are at patching vulnerabilities.
Neat.