Dive Brief:
-
Both the FTC and the FCC have issued requests -- and in the FTC's case, orders -- to mobile device manufactures and mobile carriers to provide data about their policies regarding mobile device security updates.
-
The two agencies say they are seeking to better understand and hopefully improve the security of mobile devices.
-
The eight companies that received orders from the FTC included Apple, Blackberry, Google, HTC, LG Electronics, Microsoft, Motorola and Samsung.
Dive Insight:
The FTC orders asked for information such as the factors the companies consider in deciding whether to patch a vulnerability on a particular mobile device; detailed data on the specific mobile devices they have offered for sale to consumers since August 2013; the vulnerabilities that have affected those devices; and whether and when the company patched such vulnerabilities, according to the agency’s website.
Meanwhile, Jon Wilkins, the FCC’s wireless telecommunications bureau chief, sent a letter to mobile carriers asking similar questions about their processes for reviewing and releasing security updates for mobile devices.
Mobile device security has become a growing concern. Last August, an Android security gap made it possible for hackers to attack Android phones simply by sending a text message. An estimated that 95% of Android users across the globe were subject to the vulnerability, dubbed Stagefright.
As mobile devices grow increasingly popular, consumers and businesses alike become more vulnerable to bugs such as Stagefright. Businesses should pay attention to FTC and FCC work in this area, as outcomes could potentially affect how they manage updates to their mobile devices and/or handle mobile device vulnerabilities.
