Today the FCC and FTC announced that they would be joining forces to launch a formal inquiry into why manufacturers and carriers take so long to rollout security updates to mobile devices. The two government organizations are becoming increasingly concerned about the security of smartphones, and they’re particularly interested in why patches to major, OS-wide security vulnerabilities like Stagefright have taken months to rollout to some devices.
Android smartphones are of particular focus in this investigation, as the uniformity of the iPhone line makes security updates far easier to rollout. The FCC will be investigating the work that mobile carriers do to bring these patches to their subscribers while the FTC will be looking into the manufacturer side of things. Both organizations have requested documentation from the relevant parties detailing the steps that they take in identifying vulnerabilities and the process by which these vulnerabilities are patched and rolled out to the end user.
With our everyday lives happening more and more through the medium of mobile operating systems, a need for security is growing at an equivalent pace. Every day, millions of users trust their smartphones with sensitive personal and professional information. It’s to the point that some argue, given the choice between letting someone read your mind or letting them have full access to your smartphone, the option that ensures more privacy is to go ahead and hand over your mind. Organic memory is a shifting and cloudy thing, but your smartphone knows exactly what you texted to whom, down to the second you hit send. In a sense, our phones know us better than we know ourselves, and it’s absolutely essential that government organizations like the FCC and FTC set high standards of security timeliness and thoroughness.