ACLU: Slow smartphone updates are privacy threat

Apr 17, 2013 by Raphael Satter

One of the leading U.S. civil-rights organizations is taking on an unusual cause: spotty smartphone updates. The American Civil Liberties Union is asking the U.S. Federal Trade Commission to investigate what it considers a failure by U.S. wireless carriers to properly update the Google-built operating system used on Android phones. The ACLU says that sluggish fixes have been saddling many smartphone users with software that is out of date and therefore dangerous.

"At its core, it's not all that different from any other defective product issue," said the ACLU's Chris Soghoian, who drew the between a vulnerable smartphone and "a toaster that blows up."

Experts and have long warned that failing to fix known —whether on phones or computers—gives opportunities to steal data or use the devices to launch larger attacks.

The ACLU's 17-page complaint, filed Tuesday, accused carriers AT&T Inc., Sprint Nextel Corp., T-Mobile USA and Verizon Wireless of ignoring those warnings. It cited figures showing that only 2 percent of devices worldwide had the latest version of 's installed. The complaint said that as many as 40 percent of all Android users are still using versions of software released more than two years ago.

The complaint said the carriers were exposing Android customers to "substantial harm" by not moving fast enough on upgrades. The ACLU asked the FTC to force carriers to either warn customers about the issue or start offering refunds.

The FTC said it received the ACLU's complaint but declined to comment further. The agency does not necessarily have to take the complaint up. If it does, an investigation would likely take months.

Carriers who replied to queries from The Associated Press denied delays in the updates, often described as patches. In emailed statements, Sprint said it followed "industry-standard best practices" to protect its customers, while Verizon said its patches were delivered "as quickly as possible." AT&T and T-Mobile did not return emails seeking comment. Google Inc., which was not targeted by the complaint, declined comment.

Carriers are in a tricky position. Google makes its Android operating software available for phone makers to use and modify as they see fit. Phone makers, in turn, let make additional changes, such as restricting software upgrades. The three-part process involves "rigorous testing," according to Verizon.

Making sure newer versions of Google's operating system run smoothly with all the various devices and carriers involved is particularly important for older phones, which may have trouble running the latest software or apps. Customers may not notice or care whether their Android device is running the latest and safest operating system, but they will notice if a misconfigured update means they can't make calls or run their favorite apps.

Yet Travis Breaux, a computer science professor at Carnegie Mellon University in Pittsburgh, said the testing process was straightforward. He suggested that carriers were struggling to adapt to the realities of fast-changing smartphone software.

"There are standard practices for testing and evaluating patches," Breaux said. "Microsoft does this all the time."

Jeffrey Silva, a telecom policy analyst with New York-based Medley Global Advisors, said he had a tough time understanding the delays given the highly competitive U.S. cellphone market.

"It's hard to know why they haven't done it to date," he said. "They have all the incentive in the world."

Soghoian said that pressuring carriers to update their phones more quickly wasn't a bid to turn the ACLU into a consumer-protection body. Instead, he said, the organization wanted to advertise the sorts of steps that could be taken to boost the nation's online defenses without the need for invasive new laws. In particular, he referred to a cybersecurity bill now before Congress. Critics—including the White House—say that bill doesn't adequately protect private data.

"This is part of our attempt to reframe the cybersecurity agenda," Soghoian said. "Before violating anyone's privacy, the government should first be addressing the low-hanging fruit that everyone can agree on."

Explore further: Beyond GoPro: Skiers and snowboarders can measure everything with apps, hardware

More information: The ACLU on smartphone security:

3.8 /5 (15 votes)
add to favorites email to friend print save as pdf

Related Stories

Wireless carriers unite on mobile apps project

Feb 15, 2010

(AP) -- The world's largest mobile phone carriers say they're joining forces to make it easier for software developers to write apps that will run on as many phones as possible.

Senate panel grills Apple, Google on location data

May 10, 2011

(AP) -- A Senate panel is questioning executives from Apple and Google about why iPhones and handheld wireless devices running Google's Android software store location data that can be used to track where their owners have ...

Document shows how phone cos. treat private data

Sep 29, 2011

A document obtained by the ACLU shows for the first time how the four largest cellphone companies in the U.S. treat data about their subscribers' calls, text messages, Web surfing and approximate locations.

Wireless carriers are blocking tethering apps

May 02, 2011

( -- If you have an Android 2.2 OS smartphone, such as the HTC Nexus One, then you have tethering as part of the base experience. Other users could make tethering an option for themselves by downloading ...

Google mobile head says Nexus One too ambitious

Dec 07, 2010

(AP) -- The head of Google's Android mobile operating software says the search company "bit off a little more than we could chew" with the sale of the Nexus One, a smart phone Google began selling online early this year ...

Recommended for you

Team infuses science into 'Minecraft' modification

13 hours ago

The 3-D world of the popular "Minecraft" video game just became more entertaining, perilous and educational, thanks to a comprehensive code modification kit, "Polycraft World," created by University of Texas at Dallas professors, ...

Microsoft's Garage becomes an incubator of consumer apps

16 hours ago

For five years now, The Garage has served as Microsoft's incubator for employees' passion projects, an internal community of engineers, designers, hardware tinkerers and others from all different parts of the company who ...

Students win challenge for real-time traffic app

16 hours ago

Three University of Texas at Arlington Computer Science and Engineering students have won a $10,000 prize in the NTx Apps Challenge for a smart traffic light network that adjusts traffic light schedules to ...

Blink, point, solve an equation: Introducing PhotoMath

Oct 22, 2014

"Ma, can I go now? My phone did my homework." PhotoMath, from the software development company MicroBlink, will make the student's phone do math homework. Just point the camera towards the mathematical expression, ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

1 / 5 (1) Apr 17, 2013
This is entirely intentional on the part of the carriers, it is planned obsolescence, to help them sell phones. Almost any phone made in the past 3 years could be running the latest version of Android, but then people who have them would be less inclined to get a new one.