U.S. regulators want to know why your phone isn't getting security updates faster

Google, Apple, Samsung and others have been asked to provide details about their mobile updates.

iPhone SE/iPad Pro 9.7 inch Launch In Tokyo Photo by Tomohiro Ohsumi/Getty Images

Federal regulators have begun exploring a question of importance to millions of American consumers: How secure are your smartphones and tablets?

The Federal Communications Commission and the Federal Trade Commission today asked device makers, the creators of mobile operating systems and the major wireless carriers to provide information about how they address vulnerabilities in smartphones, tablets and other mobile devices.

The inquiry follows one high-profile vulnerability in the Android operating system nicknamed "Stagefright," which left a billion devices potentially vulnerable to attack. Google has since patched the holes and Google, Samsung and LG all pledged to start pushing out updates once a month to fix security vulnerabilities.

But the federal agencies are examining the question of how long consumers may be left unprotected and whether there are delays in patching such vulnerabilities.

"To date, operating system providers, original equipment manufacturers and mobile service providers have responded to address vulnerabilities as they arise," the FCC said in a statement announcing the inquiry. "There are, however, significant delays in delivering patches to actual devices — and that older devices may never be patched."

The FTC, which has the authority to study issues of public interest, asked eight companies to provide information: Apple, BlackBerry, Google, HTC, LG Electronics, Microsoft, Motorola Mobility and Samsung Electronics America.

The agency is asking each to provide details about devices sold over the last three years, whether they've been hit by bugs and whether — and when — the company patched the security hole.

It's not just about the operating system vendors and hardware makers, though. Carriers in the U.S. play a huge role and often have the final say on what updates make it onto consumers' phones.

The FCC made a similar inquiry of the major wireless carriers: AT&T, Verizon Wireless, T-Mobile, Sprint, US Cellular and TracFone Wireless.

CTIA, the wireless industry's trade group, issued a statement saying that customer security is a top priority for carriers, and that mobile operators make updates available as soon as they're "thoroughly tested."

The speed and frequency of security updates have long been an issue for the industry. While Apple has been able to get broad leeway in pushing out updates, the Android industry has tended toward a slow pace: Google develops overall operating system patches, as well as feature upgrades, which are then tested and customized by hardware makers, a process that can take months. Finally, mobile carriers have to decide whether to make such updates available based on the age of the phone and the importance of the update.

Security-focused updates have a somewhat better track record, but vulnerabilities found in older versions of Android are often still left unpatched.

This article originally appeared on
