ACLU: Slow smartphone updates are privacy threat

April 17, 2013 by Raphael Satter

One of the leading U.S. civil-rights organizations is taking on an unusual cause: spotty smartphone updates. The American Civil Liberties Union is asking the U.S. Federal Trade Commission to investigate what it considers a failure by U.S. wireless carriers to properly update the Google-built operating system used on Android phones. The ACLU says that sluggish fixes have been saddling many smartphone users with software that is out of date and therefore dangerous.

"At its core, it's not all that different from any other defective product issue," said the ACLU's Chris Soghoian, who drew the between a vulnerable smartphone and "a toaster that blows up."

Experts and have long warned that failing to fix known —whether on phones or computers—gives opportunities to steal data or use the devices to launch larger attacks.

The ACLU's 17-page complaint, filed Tuesday, accused carriers AT&T Inc., Sprint Nextel Corp., T-Mobile USA and Verizon Wireless of ignoring those warnings. It cited figures showing that only 2 percent of devices worldwide had the latest version of 's installed. The complaint said that as many as 40 percent of all Android users are still using versions of software released more than two years ago.

The complaint said the carriers were exposing Android customers to "substantial harm" by not moving fast enough on upgrades. The ACLU asked the FTC to force carriers to either warn customers about the issue or start offering refunds.

The FTC said it received the ACLU's complaint but declined to comment further. The agency does not necessarily have to take the complaint up. If it does, an investigation would likely take months.

Carriers who replied to queries from The Associated Press denied delays in the updates, often described as patches. In emailed statements, Sprint said it followed "industry-standard best practices" to protect its customers, while Verizon said its patches were delivered "as quickly as possible." AT&T and T-Mobile did not return emails seeking comment. Google Inc., which was not targeted by the complaint, declined comment.

Carriers are in a tricky position. Google makes its Android operating software available for phone makers to use and modify as they see fit. Phone makers, in turn, let make additional changes, such as restricting software upgrades. The three-part process involves "rigorous testing," according to Verizon.

Making sure newer versions of Google's operating system run smoothly with all the various devices and carriers involved is particularly important for older phones, which may have trouble running the latest software or apps. Customers may not notice or care whether their Android device is running the latest and safest operating system, but they will notice if a misconfigured update means they can't make calls or run their favorite apps.

Yet Travis Breaux, a computer science professor at Carnegie Mellon University in Pittsburgh, said the testing process was straightforward. He suggested that carriers were struggling to adapt to the realities of fast-changing smartphone software.

"There are standard practices for testing and evaluating patches," Breaux said. "Microsoft does this all the time."

Jeffrey Silva, a telecom policy analyst with New York-based Medley Global Advisors, said he had a tough time understanding the delays given the highly competitive U.S. cellphone market.

"It's hard to know why they haven't done it to date," he said. "They have all the incentive in the world."

Soghoian said that pressuring carriers to update their phones more quickly wasn't a bid to turn the ACLU into a consumer-protection body. Instead, he said, the organization wanted to advertise the sorts of steps that could be taken to boost the nation's online defenses without the need for invasive new laws. In particular, he referred to a cybersecurity bill now before Congress. Critics—including the White House—say that bill doesn't adequately protect private data.

"This is part of our attempt to reframe the cybersecurity agenda," Soghoian said. "Before violating anyone's privacy, the government should first be addressing the low-hanging fruit that everyone can agree on."

Explore further: Wireless carriers unite on mobile apps project

More information: The ACLU on smartphone security:


Related Stories

Wireless carriers unite on mobile apps project

February 15, 2010

(AP) -- The world's largest mobile phone carriers say they're joining forces to make it easier for software developers to write apps that will run on as many phones as possible.

Senate panel grills Apple, Google on location data

May 10, 2011

(AP) -- A Senate panel is questioning executives from Apple and Google about why iPhones and handheld wireless devices running Google's Android software store location data that can be used to track where their owners have ...

Document shows how phone cos. treat private data

September 29, 2011

A document obtained by the ACLU shows for the first time how the four largest cellphone companies in the U.S. treat data about their subscribers' calls, text messages, Web surfing and approximate locations.

Wireless carriers are blocking tethering apps

May 2, 2011

( -- If you have an Android 2.2 OS smartphone, such as the HTC Nexus One, then you have tethering as part of the base experience. Other users could make tethering an option for themselves by downloading an app, ...

Google mobile head says Nexus One too ambitious

December 7, 2010

(AP) -- The head of Google's Android mobile operating software says the search company "bit off a little more than we could chew" with the sale of the Nexus One, a smart phone Google began selling online early this year ...

Recommended for you

Enhancing solar power with diatoms

October 20, 2017

Diatoms, a kind of algae that reproduces prodigiously, have been called "the jewels of the sea" for their ability to manipulate light. Now, researchers hope to harness that property to boost solar technology.

1 comment

Adjust slider to filter visible comments by rank

Display comments: newest first

1 / 5 (1) Apr 17, 2013
This is entirely intentional on the part of the carriers, it is planned obsolescence, to help them sell phones. Almost any phone made in the past 3 years could be running the latest version of Android, but then people who have them would be less inclined to get a new one.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.