Google began issuing monthly security updates for Android ever since the Stagefright bug was exposed, and companies like Samsung, LG, and Sony committed to the program to also issue updates to their Android devices.
But how exactly are these updates moving along? What is the process of deciding which phones get updates? Do manufacturers communicate to software developers when there are threatening vulnerabilities? These are questions the Federal Trade Commission and the Federal Communications Commission want to find out.
The FTC has issued orders to eight companies, seeking more information about “how they issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices.” And the list of companies aren’t restricted to Android device manufacturers.
The orders were sent to Apple, Google, Microsoft, BlackBerry, Samsung, LG, Motorola, and HTC. The requests for information cover topics such as when a company decides to disclose a vulnerability to consumers, whether companies offer unlocked variants of devices, what security testing processes each company follows, and more.
“There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device, including ‘Stagefright’ in the Android operating system, which may affect almost 1 billion Android devices globally,” the FCC said in a blog post.
For operating systems like Android, however, a large reason as to why updates don’t reach consumers is because of carriers. Many carriers delay pushing updates for a considerable length of time, and usually wait for big operating system updates. The FCC has reportedly sent out orders to carriers as well in a separate but parallel inquiry.
The FTC and the FCC want to spotlight the significant delays from device manufacturers and carriers in addressing vulnerabilities, to protect consumers from security threats. The move is undoubtedly positive for consumers — if federal action is taken to improve the time in which manufacturers and carriers push updates, that means more people will be running secure operating systems with fewer vulnerabilities.
If that type of action takes place, it would also be a considerable boon for Google, as it could potentially fix Android’s fragmentation problem.