back to article Feds urged to probe four US cell big boys over Android holes

The four biggest US cell networks could face a government probe, following allegations that security updates for Android smartphones have been held back, leaving millions of Americans vulnerable to hackers. The American Civil Liberties Union (ACLU) has formally asked the Federal Trade Commission (FTC) to conduct an …

COMMENTS

This topic is closed for new posts.
  1. adnim

    Why ever not?

    To save a few bucks?

    Because with the telco's knowledge some entity is making use of those vulnerabilities?

    The telco's themselves are making use of those vulnerabilities?

    All of the above?

    1. Armando 123

      Re: Why ever not?

      Never ascribe to malice or greed that which can be put down to laziness and incompetence.

      Says the guy who once contracted at a big telco.

      1. SteveK

        Re: Why ever not?

        Malice perhaps, but greed may have some involvement. I can imagine management asking why the developers are being paid to test and develop their shiny bloatware on last year's phone which might prevent consumers from upgrading to the new model (despite the now-standard 24 month lock-in). And heaven forbid they just provide the firmware as-is without all of their 'value'-added commercial services.

        Yes, could use custom firmware and getting increasingly tempted. However I use at least two apps that I know don't work on rooted/custom ROMs (one for banking, the other being the only useful bit that Orange do install and which no one has as-yet got working on custom JB ROMs (last I checked anyway) - Signal Boost, used for routing voice calls over wifi, and very useful if you frequently work in thick walled buildings and/or basements).

      2. Tom 35

        Re: Why ever not?

        It's hardly new to Android. I had to use a hack to install the factory code on my old Razor V3. It came with V1.0 + crap and was horrid. No update ever released. Update to 1.3 factory code without crap and it was quite usable.

        I now have a Nexus 4 so no Telco crapware, and I get updates. The same can be said for Apple as far as updates go.

        I REALLY don't want the telco to "differentiate" my phone by adding crap that sort of works and never gets upgraded after they move on to the next new phone.

    2. LarsG
      Meh

      Re: Why ever not? Yes...

      They have a duty of care and so do the manufacturers.

      However the practice is that once they have sold it to you, maybe given you an update or two they are off trying to sell you a new phone while at the same time saying your old phone cannot be upgraded to the new OS.

      This is usually a lie.

      1. Fatman

        Re: Why ever not? Yes...

        This is usually a lie.

        A real bald faced one, too!!!!!

  2. Henry Wertz 1 Gold badge

    Seems dubious...

    I don't like the US carriers, and I like Android updates. But, unfair and deceptive? Really? *shrug*

    Also, they may be disappointed in the result -- in general, one would not be getting an update from 2.3.x to ICS or JB, it'd be 2.3.5 to 2.3.6 or so. Think about it, newer android versions use (slightly) more ram and so on, and if the carriers pushed an update like that, THEN they'd get flack about making people's current phones useless due to "bloat" of the updates. In reality, the US carriers *are* terrible about this, some phones have real bug fixes from the carrier but nothing from the cell co. But, it's just not going to be some huge game changer.

    1. Anonymous Coward
      Anonymous Coward

      Re: Seems dubious...

      > in general, one would not be getting an update from 2.3.x to ICS or JB, it'd be 2.3.5 to 2.3.6 [ ... ]

      Not true, not by a long shot.

      I updated my Motorola XT910 and my MB865 from 2.3.5 directly to ICS 4.0.4. DId it myself by unlocking and rooting the handsets.

      WARNING: Don't do this at home if you don't know what you are doing. You can brick your handset, and Motorola will NOT help you.

      Googorola then updated the XT910 to JB 4.1.2.

      For the record, Googorola is just as bad at pushing security fixes and upgrades as the Telephants are. JB has been out for many months now, and my XT910 JB 4.1.2 update didn't happen until two weeks ago. As far as the MB865 is concerned, I don't even know if it will ever be updated to JB.

      And this is for two Motorola handset models which are currently registered, fully supported and in manufacturer's warranty.

  3. asdf

    to be that guy

    Somebody had to say it. This is what custom roms are for. Yes I know many don't want to root and potentially invalidate warranty (very easy to put back to stock if know what you are doing but many don't) but this is more proof how you virtually have to. Long live the modding and rom community.

    1. adnim
      Thumb Up

      Re: to be that guy

      Yes, both my phone and Tab 2 run Cyanogen. I couldn't have done it without the modding community. I just haven't the time to master the skills I lack to do such a thing.

    2. Gene Cash Silver badge
      Linux

      Re: to be that guy

      No, it's not. I just want a plain 'ol Android phone with whatever the latest OS is, so I can run the apps I want.

      I might root it to get rid of Castle Defender, TwitBook or whatever other shovelware, but that's it. I have done the custom rom thing, and I just don't have the time to dick with all that.

      So I got a non-contract, straight-off-Play, Nexus 4 hooked up to a SIM-only T-Mobile account. Now Google can't whine about carriers, it's got to put up or shut up. And if they disappoint me, I'll be sorely pissed.

      1. asdf

        Re: to be that guy

        >I have done the custom rom thing, and I just don't have the time to dick with all that.

        Smartly done getting one of the few phones (Nexus 4) where you can largely go stock without immense pain. This doesn't apply to most but also the problem with 4.1+ stock android is the voice dialer doesn't work well without a data connection (supposedly due to Apple patent). Its one of the big reasons I put CM on the wife's (which does work well).

  4. Notas Badoff

    How long ago?

    "... Verizon Wireless told The Register that it "thoroughly" tested every update before delivering it to customers. "We ... provide mandatory updates to devices as quickly as possible, ...," a spokesman said."

    So, when did you last issue updates through your network. What month? Which year??

    Ask that of all the operators. No bullshit answers, just what was the last time?

  5. The_Regulator

    This is true

    Personally I am confident this is true. I have not experienced this with android but did with a Gen 1 Windows Phone where AT&T did not update my Samsung Focus. Based, on my experience I am sure it has happened with android updates too which are already a bigger target than WP. As for being deceptive I suspect that's a good legal term for filing a suit, it can't be a good thing though that carriers can block updates.

  6. Anonymous Coward
    Anonymous Coward

    How long before someone pops up and says it is all an Apple-based plot ?

    1. asdf

      hmm

      Apple is too busy trying not to shoot off its own foot right now to concoct elaborate plots. Tim Cook has all douchebaggery of Jobs without most of the talent.

  7. PineyCreek
    Facepalm

    Riiiight....

    So the ACLU is taking those companies to task because people are running software that doesn't match up to security standards? Well they could certainly broaden THAT beyond Android.

    1. asdf

      Re: Riiiight....

      Yeah how about Apple who love deprecating hardware (in sometimes as little as two years) to old iOS/OS X versions where it says all software is up to date even though there is known gaping holes Apple won't fix. Pretty sad that Linux and even Windows supports Apple's hardware better than Apple itself.

  8. Anonymous Coward
    Stop

    Amazon and Facebook would be better targets

    As they are encouraging/forcing users to disable the Android device security to install apps and updates.

    Surely thats FAR more irresponsible, and also far more likely to result in getting malware than some obscure OS bug...

    But then of course both these companies have friends in congress...

    1. Busby
      Facepalm

      Re: Amazon and Facebook would be better targets

      Agree to a certain extent but then on the other hand google could change the settings slightly. Something along the lines of allow xyz as approved sources and block the rest. Where now the situation is allow goggle only or allow everything, where they lump the amazon store and any other legitimate ones in with malware ridden apps downloaded from TPB for example. I'm pretty sure even the chocolate factory can see there is a more secure ways of doing it but the problem is while they may help users they would impact Googles bottom line.

      Seriouslyy why not have the option of adding trusted sources and blocking the rest?

  9. Anonymous Coward
    Anonymous Coward

    I wonder who is behind this pulling the strings?

    Yep, Microsoft and Apple upto their tricks as usual...

    This is how desperate they have become??

    1. amanfromMars 1 Silver badge

      Re: I wonder who is behind this pulling the strings?

      If Microsoft, Apple, Android and RIM Devices were Synced for Cross Platform Communication..... with and/or for Instruction Set Text Transfers and AudioVisual TeleCommunications ...... global intelligence would grow inexorably, very quickly.

      And thus be borne a race of SMARTR Beings of AIMined Mind and of a free notion to change everything for the betterment of everybody, everywhere , with NEUKlearer HyperRadioProActive Virtualised Realities ...... Presenting Global Events supplied in Protected Proprietary Intellectual Property as Shared in Synced Cross Platform Communications ....... Apple to Blackberry/Android through Windows etc .

      One Global Network Ring of Novel Noble Featured Information for Future IntelAIgents to Rule Peace with them All? Methinks that might be more Oracle Play Territory?

      How do y'all feel about your Future dictated by Virtual Machines and/or Foreign and Alien Bodies and CyberIDEntities?

      Present Fact or Future Fiction is a question which doesn't need asking of those in the know.

  10. Scummie
    FAIL

    Verizon, thoroughly tested? My arse.

    I have a Motorola Droid 4 on Verizon that had been running fine until the update to 4.1.2 was pushed down the pipe.

    I started having issues with my Bluetooth headset screaming static into my ear, and worse, spontaneous reboots of the phone. While I was on a call!

    The behavior continued after a full factory reset.

    I contacted their support department, and they promptly sent me a new (to me) phone. It had some mechanical issues with the slider, but worse, after updating it to the latest available (4.1.2 again, it came with 4.0.something) it started having the same problems. I did some checking, and found that these issues are known problems with 4.1.2, yet fixed in 4.2.2.

    When I contacted support this time, they told me that these were known problems, and that updates were being worked on, but with no ETA. They offered other phones to replace this one, but all only supported 4.1.2 (sigh).

    I got another Droid4 shipped to me, and if the rebooting continues I'll be forced to apply an unsupported version. Again, there seems to be no supported way to go back to 4.0 (and would I want to?).

    I hope this probe has some end-user-noticeable effect.

  11. Peter 39
    WTF?

    obsolete hardware

    asdf, before you post comments about Apple obsoleting old hardware, check your details.

    You can run the latest version iOS 6.1.3 on iPhone 3GS. And that was released mid-2009. That's, hhmmm, about FOUR years ago.

    What's more, you can get 6.1.3 at exactly the same time as the newest, shiniest iPhone 5 does.

    I think that Apple is doing a good job of taking care of its customers

    1. asdf

      Re: obsolete hardware

      How about the iPAD first generation not being able to upgrade to iOS 6 which at the time was only 2.5 years old? My Mac Pro also isn't supposed to be able to run the latest Mac OS X but does run it just fine if I use chameleon efi boot instead of Apple's. Linux and even Windows 8 also run fine on it. More proof of forced obsolescence.

    2. Tom 35

      Re: obsolete hardware

      "You can run the latest version iOS 6.1.3 on iPhone 3GS. And that was released mid-2009."

      Count from when it was discontinued, not when it was released. Lots of people have one that's less then one year old, you think they will get the next major release? People buying an iPhone 4 now might get one major release.

  12. Jim O'Reilly

    Dinosaurs?

    Sounds like Telcos either don't understand modern software practices or they don't care.

    I suspect it's the former!

    "Thoroughly test software release before they are sent to customers" sounds like old fashioned IBM-speak. Unless these companies have a small army of testers, they aren't telling the truth on this one.

    Anyway, the spectrum of market users provide the real test, and the quick turnaround of point releases give the proper remedy.

    Sounds a bit like the old AT&T is still alive!

  13. Dan Paul
    Devil

    FTC needs a clue - ALL Telcos are lying thieves and need a swift ball rearrangement

    If Cyanogen can put out a mod for damn near every Android device on the market, the Telco's can update their phones software/firmware every month.

    While we are at it FTC, make them take off all the damn bloatware and telco specific crap. THOSE are the only reasons why they don't push regular updates out to their phones (of any OS make) because they deliberately screw up the stock Android software.

    There are NO VIABLE HARDWARE RELATED REASONS!

    Fine them into oblivion by taking away spectrum everytime they screw up!

  14. Fatman

    Lies!!!

    A Sprint Nextel spokesperson told us that the telco "follows industry standard best practices" to protect its customers.

    Which one should read as:

    A Sprint Nextel spokesperson told us that the telco "follows industry standard best practices" to protect puts profits ahead of its customers.

    FTFY!!!!

  15. Martin Budden Silver badge
    Thumb Up

    Vanilla is the best flavour of Ginger-Honey-Ice-Jelly

    Android is great as made by Google. When third-party carriers add their own crap they ruin it. Stick with the plain vanilla Android and you'll be fine, which means when buying a phone always get the current Google-phone.

  16. Anonymous Coward
    Anonymous Coward

    That is how the system works.

    Handset manufacturers and carriers would rather sell you another piece of equipments instead of maintaining the one they sold. This is the so called "obsoleted as soon as you buy it" business model and it allows them to extract a steady revenue stream from us all. They know their software is crap and they don't bother fixing it because there is no money to make in it, at least not as much as they can do by forcing consumers to keep buying new stuff.

  17. gmguy

    Re: to be that guy

    @gene cash,

    The best way to get the latest updates is to have a pure Google phone. I have a galaxy nexus purchased from Google Play, and have received all the latest updates a week before the world was notified about it.

  18. Anonymous Coward
    Anonymous Coward

    Re: to be that guy

    @gene cash,

    The best way to get the latest updates is to have a pure Google phone. I have a galaxy nexus purchased from Google Play, and have received all the latest updates a week before the world was notified about it. Not to worry.

  19. dssf

    Left Hand-Right Hand Probably in Play, to the Benefit of the

    Telcos.

    With their lobbyists - in a closed session with the Senate/et al), they'll just claim that too-frequent updates (ROMs, Cyanogen, etc.) will disrupt the ability to collect timely info that (they'll claim) helped to avert numerous terrorist acts otherwise likely to occur.

    Of course, this assumes the Senate is lame enough to believe the the most hardened terrorists are not smart enough to mod their phones or use evasive, elusive intermediaries.

  20. silent_count

    Just no

    Sorry but, well meaning though they are, the ACLU is barking up the wrong tree with this one. The phone's owner should decides which ROM/OS version they run. The problem the ACLU should be attacking is impediments to the user (a) switching ROMs, and (b) switching carriers.

    If the phone's owner could switch ROMs without fear of invalidating their warranty then issue of updating the OS gets taken away from the carriers - who have a vested interest in dragging their heels. As has been pointed out, why provide updates for free when you can make people buy a new phone to get the latest OS?

    And if carrier lock-ins were made illegal, then the carriers would have to "differentiate" by providing timely updates rather than by shovelling crapware upon a captive audience.

This topic is closed for new posts.

Other stories you might like