U.S Regulators are Looking at Mobile Device Security

U.S Regulators are Looking at Mobile Device Security

Regulators from the U.S. Federal Trade Commission (FTC) and Federal Communications Commission (FCC) are working jointly to discover more about how mobile device makers are patching security vulnerabilities. And they’ve reached out to device makers big and small to find out more.

“As consumers and businesses turn to mobile broadband to conduct ever more of their daily activities, the safety of their communications and other personal information is directly related to the security of the devices they use,” an FCC announcement notes. “There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device, including ‘Stagefright’ in the Android operating system, which may affect almost 1 billion Android devices globally.”

The agencies have reached out to major players like Apple, Google, and Samsung as well as a host of other mobile device hardware makers such as Blackberry, HTC, LG Electronics. Microsoft, and Motorola Mobility. And they have asked for information about how the firms issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices.

Sponsored Content

Devolutions Remote Desktop Manager

Devolutions RDM centralizes all remote connections on a single platform that is securely shared between users and across the entire team. With support for hundreds of integrated technologies — including multiple protocols and VPNs — along with built-in enterprise-grade password management tools, global and granular-level access controls, and robust mobile apps to complement desktop clients.

More specifically, the FCC and FTC have asked:

  • The factors that hardware makers consider in deciding whether to patch a vulnerability on a particular mobile device
  • Detailed data on the specific mobile devices they have offered for sale to consumers since August 2013
  • The vulnerabilities that have affected those devices Whether and when the company patched such vulnerabilities.

Obviously, Android is the biggest issue here, as Apple routinely updates its software and cites the success its had getting its users to upgrade in a timely manner. Other firms, like Blackberry and Microsoft, are less of a concern given their small and steadily declining user bases. But since consumers tend to hold on to phones for at least a few years, it’s likely that there are many phones out there with unpatched vulnerabilities.

I am curious that the FCC and FTC are not focusing more on wireless carriers, since it is the carriers that block updates from reaching consumers, especially with Android. Both agencies do mention the carriers in passing, with the FTC noting that it is “conducting a separate, parallel inquiry into common carriers’ policies regarding mobile device security updates.” What it finds will no doubt be horrifying, but this probe could lead to some long-overdue changes.

(The FCC told Bloomberg that it has sent letters to the four biggest U.S. carriers—AT&T, Verizon, T-Mobile, and Sprint—as well as to U.S. Cellular and TracFone Wireless.)

“Consumers may be left unprotected, for long periods of time or even indefinitely, by any delays in patching vulnerabilities once they are discovered,” the FCC notes. “To date, operating system providers, original equipment manufacturers, and mobile service providers have responded to address vulnerabilities as they arise. There are, however, significant delays in delivering patches to actual devices—and that older devices may never be patched.”

You can see an example of the letter sent to the mobile device makers on the FTC web site. Given the specific nature of the questions, it appears that the agencies are ready to formalize and regulate how mobile devices are supported with security updates. This is perhaps overdue.


Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

Paul Thurrott is an award-winning technology journalist and blogger with over 20 years of industry experience and the author of over 25 books. He is the News Director for the Petri IT Knowledgebase, the major domo at, and the co-host of three tech podcasts: Windows Weekly with Leo Laporte and Mary Jo Foley, What the Tech with Andrew Zarian, and First Ring Daily with Brad Sams. He was formerly the senior technology analyst at Windows IT Pro and the creator of the SuperSite for Windows.