The American Civil Liberties Union (ACLU) has slammed mobile network operators for failing to issue regular security updates for Android phones.
The advocacy group has issued a complaint urging the Federal Trade Commission (FTC) to examine major wireless carriers updating policy. ACLU officials said that carrier's inability to consistently update Android handsets poses a security risk for end-users.
"For consumers running these devices, there is no legitimate software upgrade path. The problem isn't that consumers aren't installing updates, but rather, that updates simply aren't available," wrote principal technologist and senior policy analyst at the ACLU Speech, Privacy and Technology Project Chris Soghoian.
"Although Google's engineers regularly fix software flaws in the Android operating system, these fixes aren't packaged up and pushed to consumers by the wireless carriers and their handset manufacturer partners."
Soghoian said that wireless operators fail to do what Apple and the PC industry have done for years. In his blog post, he wrote that iPhones receive consistent updates. He also said that the PC industry has consistently made it a priority to issue timely security patches.
Android handsets have been criticised for lacklustre security in the past. The OS often gets reworked by carriers and OEMs to offer a unique set of features, but critics have said that this fragmentation has made it slow to launch updates.
While Google has routinely released updates for the platform, many third parties are slow to release them. Earlier this year it was reported that a majority of Android handsets are still running the older Gingerbread version of the OS.
The ACLU has called on the FTC to consider requiring wireless carriers to alert users about known security vulnerabilities for Android handsets. In its letter, the ACLU urges the FTC to force wireless carriers to offer refunds to users who have not been prompted about privacy issues.
ACLU official's complaint comes as Congress preps to vote on the recently reworked CISPA bill. The legislation would allow for the private industry to share data on potential security threats with the government without fear of a lawsuit.
Groups such as the ACLU have urged Congress to dismiss the bill on the grounds that it could drastically hurt user privacy. According to Soghoian, taking steps like the ones outlined in the ACLU's complaint is a better option than CISPA.
"Cybersecurity threats are real, and improving security and privacy should be an important priority for the government," continued Soghoian.
"We think there are plenty of things the government can do to protect the computers and networks that consumers, businesses and government agencies depend upon without violating civil liberties. Investigating the wireless carriers and their role in smartphone security updates would be a great first step."
Australian government to require technology and communications companies to provide access to messages
New bill avoids demanding 'backdoors' in encryption, but includes measures to compel companies to provide access to encrypted communications
Indonesian overclocker Ivan Cupa (with the aid of a lot of liquid nitrogen) achieves record overclock on AMD's latest Threadripper
Ssupermassive black hole is so big it corresponds to four per cent of the galaxy's total mass
Imminent attack will target a single bank with cloned cards used to fraudulently withdraw millions over one weekend