[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ale] ACLU Files Complaint With FTC Over Android Security Updates
Verizon has NO published docs on their software support or upgrade terms.
Their model is, "buy our phone now and we'll your money again in 2 years
for a new phone". During the first 2 years on my original Droid, it got
exactly one (1) upgrade. It got exactly nothing (0) in the next 2 years.
Yes. 4 years and only a single patch cycle.
At the very least the should be required to provide full security and bug
patch support for the life of the purchasing contract. I have to pay them
and they have provide _SERVICE_.
On Mon, Apr 22, 2013 at 10:01 AM, Jay Lozier <jslozier at gmail.com> wrote:
> On 04/22/2013 07:54 AM, Neal Rhodes wrote:
>
> I have been on both ends of the spectrum - HTC phones which I have left
> completely alone, and let the carrier handle it, and a Viewsonic GTab,
> which pretty much required immediate replacement of the OS for any useful
> functionality.
>
> I've also rebuilt three engines in my lifetime. And I took my Asko
> dishwasher apart before I gave up and replaced it. Just because I CAN,
> doesn't mean it's worth my time to do it. I consider certain things
> appliances which should "just work".
>
> The contrast between the HTC phones, on which everything "just works", and
> the Viewsonic Gtab, which I've pretty much given up on, and bought a
> Samsung Galaxy 2 are rather stark. Maybe the developer community for the
> Viewsonic isn't as robust. Or maybe since they're not getting paid they
> don't care if the microphone doesn't work, or it the Wifi drops in and
> out. But on the Galaxy everything just works again. There really is a
> tangible value to a manufacturer actually testing stuff with their
> hardware.
>
> I will state a general opinion, which is that a carrier should be
> obligated to continue providing security updates to phones for X years
> after they sell them. I think a reasonable value for X is between 2 and 4,
> because the darn battery will crap out after 2 years. We are now
> reaching that spot where the processing power in Android phones is equal to
> the needs of 99% of the users, so there is no reason not to keep these
> things for 5-6 years.
>
> Neal Rhodes
>
>
>
>
> On Mon, 2013-04-22 at 01:02 -0400, Jay Lozier wrote:
>
> On 04/21/2013 09:29 PM, James Taylor wrote:
> > I have had a half dozen android phones so far, and not a single one has run the carrier software for longer than it has taken me to root it and load a developer rom.
> > In my household, I currently have an HTC One S, two Galaxy Vibrants and an LG Optimus, all running the latest Jelly Bean builds for the roms they have loaded.
> > By the way, I've never had a problem with a warranty return. I either load the original build or send it as is if dead. Not a peep from the vendor.
> > I can understand most consumers not wanting to deal with this, but most consumers don't want to mess with technology in general. They just want to use what's handed to them.
> > Anyone on this list should be able to root a phone and load a rom, maybe with a little help.
> > Why complain about your provider not updating your phone when you have access to do it yourself?
> > -jt
> IMHO the problem is that most people (not people on the list) are afraid
> of "ruining" their phone if they root the OS, etc. I remember on
> observation about most users not switching to Linux - it is they are
> afraid to install any OS on any device (Windows, iOS, Android, etc) and
> stay with the originally installed OS as updated by the vendor. The
> issue is then will the vendor take responsibility to protect their
> mostly technically illiterate customers. That appears to be what the
> ACLU is complaining about; an implied breach of contract. Whether this
> has merit is probably depends on the contract terms.
>
> It is not that installing an OS particularly hard if you take your time.
> It can be very tedious depending on what you must do to actually install
> it (try Windows 7 upgrade from Windows XP).
> >
> >>>> Neal Rhodes <neal at mnopltd.com> 4/21/2013 08:23 PM >>>
> > yes. the ACLU taking this up seems odd.
> >
> > However, I've seen a graph somewhere showing that essentially all
> > iPhones ever made can be updated the current versions of IOS.
> >
> > But Android phones are a totally different story. Once the carrier
> > stops selling them, they get abandoned and rarely get security
> > upgrades.
> >
> > i'm not an Apple fan, but the different was quite striking.
> >
> > Neal Rhodes
> >
>
> The parallel to providing support is on computers, Apple, Micro$oft, and
> Linux distros have published support cycles for their OS releases. I should
> know before buying/installing what the support period is; it's not hidden.
> Also, an update path from one release to another is stated even if it is a
> PITA (Windows XP direct to Windows 7 sucks).
>
> What I do not know is if the carriers have stated a support cycle for the
> OS versions and update paths to newer OS versions - I do not have an
> Android.
>
> Jay
>
> >
> > On Sat, 2013-04-20 at 22:41 -0400, James Taylor wrote:
> >
> >> This seems releveant, considering recent conversations...
> >> -jt
> >>
> >> From the latest Security Alerts Network Newsbites newsletter.
> >>
> >> "--ACLU Files Complaint With FTC Over Android Security Updates
> >> (April 17, 2013)
> >> The American Civil Liberties Union (ACLU) has filed a complaint with the
> >> US Federal Trade Commission (FTC) asking that the agency investigate
> >> major wireless phone service carriers for failing to deliver updates for
> >> known security issues in the Android operating system. The complaint
> >> alleges unfair and deceptive business practices for failing to
> >> distribute the patches and failing to inform customers that their
> >> devices are vulnerable to attacks. While Google has issued updates for
> >> the flaws, the carriers have not pushed them out in a timely manner.
> >> Apple issues its own updates for its phones, but individual carriers
> >> bear the responsibility of pushing out Android fixes.
> >> http://www.wired.com/threatlevel/2013/04/aclu-android-security-issue/
> >> http://www.h-online.com/security/news/item/ACLU-calls-for-FTC-investigation-into-carrier-Android-1844175.html
> >> http://arstechnica.com/security/2013/04/wireless-carriers-deceptive-and-unfair/
> >> http://www.washingtonpost.com/business/technology/2013/04/16/1d7364fc-a6c9-11e2-a8e2-5b98cb59187f_story.html
> >> Text of Complaint:
> >> http://www.aclu.org/files/assets/aclu_-_android_ftc_complaint_-_final.pdf
> >> [Editor's Note (Pescatore): I think "Politics makes for strange
> >> bedfellows" comes from Shakespeare, but it sure applies here: the ACLU
> >> filing complaints about security issues? But I like their angle: if the
> >> carriers don't push out security patches to the phones, they are not
> >> honoring their side of the contracts they lock people into and thus the
> >> contracts should be invalidated. Nice incentive for the carriers to more
> >> regularly update Android phones. But this also points out the security
> >> advantages of the Apple and Blackberry model, where the hardware and
> >> software come from one vendor who does push out updates regularly, vs.
> >> the Android (and Windows PC) model where the user is on their own.
> >> (Northcutt): Kudos to our story collector, Kathy Bradford! This is a
> >> big story and everyone dealing with BYOD and MDM (Bring your own device
> >> and mobile device management) has skin in the game.
> >> (Shpantzer): Google could learn from Apple's closed ecosystem and
> >> enforce discipline in the Android Telco/OEM ranks. Fragmentation is
> >> theoretically good for security against mass malware (not a monoculture,
> >> hard to test on infinite number of hw/sw permutations), but old and
> >> terminally vulnerable versions of Android persist for months or even
> >> years, whereas new Apple iOS versions have 90% penetration in a matter
> >> of days or weeks.]"
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> Ale mailing list
> >> Ale at ale.org
> >> http://mail.ale.org/mailman/listinfo/ale
> >> See JOBS, ANNOUNCE and SCHOOLS lists at
> >> http://mail.ale.org/mailman/listinfo
> >
> >
> >
> > If this is an unsolicited spam message, please click this link to report it: http://control.eastcobbgroup.com:49285/contents/spamreport.shtml?rptid=27385&srvid=16vl15t
> >
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
> >
>
>
>
>
>
>
> _______________________________________________
> Ale mailing listAle at ale.orghttp://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists athttp://mail.ale.org/mailman/listinfo
>
>
>
> --
> Jay Lozierjslozier at gmail.com
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
--
--
James P. Kinney III
*
*Every time you stop a school, you will have to build a jail. What you gain
at one end you lose at the other. It's like feeding a dog on his own tail.
It won't fatten the dog.
- Speech 11/23/1900 Mark Twain
*
http://electjimkinney.org
http://heretothereideas.blogspot.com/
*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20130422/266c75ac/attachment.html>