The Obama administration has sent letters to the country’s major cell phone manufacturers and wireless networks, asking them to help the Federal Trade Commission (FCC), better understand how phones get security updates.
Regulators say they are “concerned” with how quickly cell phone updates are issued after a bug is discovered and made public.
The administration believes many cell phone users are left vulnerable because of the speed at which updates are rolled out to current users.
“Consumers may be left unprotected, for long periods of time or even indefinitely, by any delays in patching vulnerabilities once they are discovered,” the FCC and FTC said in a joint statement. “There are significant delays in delivering patches to actual devices — and older devices may never be patched.”
Inquiries were sent to Apple, Google, Samsung, Microsoft, HTC, Motorola, LG, and Blackberry. The inquiry also extended to Verizon, AT&T, T-Mobile, and Sprint, along with smaller carriers US Cellular and TracFone.
While app updates are easy to push out as they are discovered, updates to operating systems require extensive testing to ensure a users phone doesn’t become ‘bricked’ which makes them unusable.
In one case Apple completely failed to fix a major vulnerability that allows hackers to break into nearby iPhones using the AirDrop feature. That bug has existed since iOS 8.
About 30% of Android phones currently in use don’t receive any security patches, according to Google.
The FTC at this time is involved in an inquiry investigation to help determine the full scope of the issue.