Federal Trade Commission studies mobile security updates

In a report on mobile security updates, the US Federal Trade Commission finds that because of the complexity of the mobile ecosystem applying security updates to operating system software on some mobile devices is time-consuming and complicated. Based on information gathered from eight device manufacturers - Apple, Blackberry, Google, HTC, LG, Microsoft, Motorola, and Samsung, the FTC recommends that manufacturers should deploy these updates more quickly and suggests that manufacturers should advise users when update support will end for a given device. 


https://www.ftc.gov/news-events/press-releases/2018/02/ftc-recommends-steps-improve-mobile-device-security-update
https://www.ftc.gov/system/files/documents/reports/mobile-security-updates-understanding-issues/mobile_security_updates_understanding_the_issues_publication_final.pdf
Publication: Federal Trade Commission
 

What is Privacy International calling for?

Devices, networks, and services and insecure yet they process more data

As computing becomes embedded everywhere, privacy, security and safety issues converge. In the future, our infrastructure will be insecure and unsafe due to insecure devices and components that are not patched.

As more devices become ‘connected’ and services become ubiquitous, they may generate and collect massive amounts of data in excess of what is necessary for the provision of the specific service or function. For instance, the “always on” nature of connected or smart devices and the granularity of data collected potentially enables the provider and other parties access to vast types and volumes of data.

A mere software update or change in business practice can change the frequency of sharing and the parties to whom data can be transmitted can change at any point in time.

Securing these technologies becomes even more challenging as they are embedded in complex systems, difficult to alter or update for security purposes, and control by the individual is limited.  Too often companies decide for business reasons they will no longer support the software or hardware, including for security updates when vulnerabilities are found, leaving consumers unprotected.

This creates an unsafe environment. Unpatched, insecure, and unmaintained systems and infrastructure leave us vulnerable.

Security for all

There should be no barriers to timely fixes in security -- including updates, patches, and workarounds -- particularly considering implications for users of various socio-economic status and citizenship. Security updates should be distinguishable from feature updates.