May 9th, 2016

Earlier today, the FCC published an announcement where it is planning to investigate carriers and device manufacturers about the safety of the Android operating system on mobile devices.

While the release doesn’t state which carriers were asked for information, we can assume that the likes of AT&T, T-Mobile and Sprint would be a few of the included parties. The press release also doesn’t make mention of which manufacturers were approached, but the FCC did state they were “ordering eight mobile device manufacturers to provide the agency with information.”

Android security has been a large issue since its unveiling and it has finally reached the point where we saw Google releasing monthly security updates. These updates are seeded to OEM’s and carriers so that the bugs can be patched, only then can an update be sent out to the supported devices. Nexus devices are well known for getting these updates first thanks to the control that Google has over their own hardware/software.

In the press release, the FCC makes specific mention of the “Stagefright” vulnerability and how almost 1 billion devices were affected with this strain of malware. The number is staggering, but what’s even more alarming is the length of time it took for carriers and OEM’s to prepare these updates to devices. There have even been instances where a device will receive the security update just days before Google releases the next month’s update.

From the FCC press release:

Consumers may be left unprotected, for long periods of time or even indefinitely, by any delays in patching vulnerabilities once they are discovered. To date, operating system providers, original equipment manufacturers, and mobile service providers have responded to address vulnerabilities as they arise. There are, however, significant delays in delivering patches to actual devices—and that older devices may never be patched.

Let’s hope some good comes out of these requests from the FCC and FTC and maybe this will light a fire under the carriers and OEM’s to keep their customers protected in a timely manner.

[via Federal Communications Commission]

local_offer    Android Security   FCC   FTC   Security image