Top tech organizations have been “ordered” to disclose their approach to security updates with mobile devices.
The Federal Trade Commission (FTC) has asked Apple, Blackberry, Google, HTC America, LG Electronics USA, Microsoft Corp, Motorola Mobility and Samsung Electronics America to provide details on this.
Some of the information that has been requested includes:
- What they consider when deciding whether to patch a vulnerability on a device (such as a smartphone or tablet)
- “Detailed data” on mobile devices they have sold since August 2013
- Information on vulnerabilities that have been found on these devices
- Which vulnerabilities have been patched or not
- When these vulnerabilities were patched
The FTC says that this is part of its effort to understand the nature of security in the “mobile ecosystem”.
In addition to this, the Federal Communications Commission (FCC) has launched a separate inquiry into how tech companies, such as the ones noted above, deliver security updates to devices.
“As consumers and businesses turn to mobile broadband to conduct ever more of their daily activities, the safety of their communications and other personal information is directly related to the security of the devices they use,” the FCC stated.
"There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device."
“There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device, including Stagefright in the Android operating system, which may affect almost one billion Android devices globally.”
The concern is that without appropriate and timely updates, consumers around the world will be exposed to all types of threats.
Some of the problems already identified by the FCC include “significant delays” to issuing patches, as well as neglecting to deliver patches for older devices.
