ACLU says spotty updates a security risk

Raphael Satter / The Associated Press

Published Apr 18, 2013 at 05:00AM

LONDON — One of the leading U.S. civil-rights organizations is taking on an unusual cause: spotty smartphone updates.

The American Civil Liberties Union is asking the U.S. Federal Trade Commission to investigate what it considers a failure by U.S. wireless carriers to properly update the Google-built operating system used on Android phones. The ACLU says that sluggish fixes have been saddling many smartphone users with software that is out of date and therefore dangerous.

“At its core, it’s not all that different from any other defective product issue,” said the ACLU’s Chris Soghoian, who drew the analogy between a vulnerable smartphone and “a toaster that blows up.”

Experts and government officials have long warned that failing to fix known security flaws — whether on phones or computers — gives hackers opportunities to steal data or use the devices to launch larger attacks.

The ACLU’s 17-page complaint, filed Tuesday, accused carriers AT&T Inc., Sprint Nextel Corp., T-Mobile USA and Verizon Wireless of ignoring those warnings. It cited figures showing that only 2 percent of Android devices worldwide had the latest version of Google’s operating system installed. The complaint said that as many as 40 percent of all Android users are still using versions of software released more than two years ago.

The complaint said the carriers were exposing Android customers to “substantial harm” by not moving fast enough on upgrades. The ACLU asked the FTC to force carriers to either warn customers about the issue or start offering refunds.

The FTC said it received the ACLU’s complaint but declined to comment further. The agency does not necessarily have to take the complaint up. If it does, an investigation would likely take months.

Carriers who replied to queries from The Associated Press denied delays in the updates, often described as patches.