If you've ever been stuck in a two-year commitment with an Android smartphone that isn't receiving the latest software update due to your carrier taking their sweet time in issuing it, the ACLU is trying to help you out. In a complaint for injunctive relief filed on April 16, the ACLU tells the Federal Trade Commission that the lack of updates leads to software security holes that could have otherwise been fixed had a software update been issued. You can read more about the issue here.
However, it's not entirely the carrier's fault. AT&T, T-Mobile, Sprint, and Verizon have often flaunted their power over their portfolio of smartphones, with software updates being just one way of showing the control carriers possess. It is now a bigger issue according to the ACLU because some devices are simply being deemed obselete with no warning upon purchase that the Android device will not be supported with security patches for as long as the two-year contract is in session.
With each new software update from Google, hardware manufacturers have the option of modifying the Android source code to add bits and pieces to their UI (Sense, TouchWiz, etc.). In the process, these additions and changes are then reviewed by the carrier. This is the bottleneck where the ACLU is speaking upon the buyer's "rights" in owning a secure device capable of thwarting the harshest security attacks. In other words, a smartphone that won't be discontinued in the software department.
According to the ACLU's complaint, the majority of Android smartphones "never receive critical software security updates, exposing consumers and their private data to significant cybersecurity-related risks." The 16-page complaint goes on to say that the major wireless carriers have "engaged in unfair and deceptive business practices by failing to warn their customers about known, unpatched security flaws in the mobile devices sold by the companies."
These are no doubt valid complaints on behalf of the consumer by the American Civil Liberties Union. ACLU Founder Roger Baldwin is quoted on the About Us page of the site as saying "So as long as we have enough people in this country willing to fight for their rights, we'll be called a democracy." However, carriers rarely make policy changes despite customer displeasure which means their control is far from fair.
I certainly agree consumers have a right to the latest software updates, but the problem is much deeper than the 16-page ACLU complaint outlines.
For as long as Android has been around, smartphones have not been a part of a democratic state. Carriers have told us when our devices will get updates and it has always been a rough process unless you have a Google-branded Nexus smartphone. Without getting too political, the ACLU complaint suggests we deserve the latest updates because of security vulnerabilities, and that the carriers are delaying our "right to a safe connection." This is true, however we have never had any say in when software updates were to be issued, so why is it a problem now?
The software upgrade path of Android smartphones has never been a smooth process. In fact, one could argue the software update path between OEM's and carriers is as smooth as it has ever been. The reason it's an issue now is because of Android's grasp on the majority of the mobile market. As user reliance on cloud storage and a centralized source of data increases, software patches and security vulnerabilities mean much more than what they have in the past.
What the ACLU is speaking on behalf of the public for is quite simple. The ACLU wants Verizon, Sprint, T-Mobile and AT&T to be more transparent about the unpatched security vulnerabilities and outline the existence and severity of said security issues.
The ACLU is also seeking the ability for customers of the big four carriers to opt out of a contractual commitment without penalty if their Android smartphone has "not received prompt, regular security updates."
Lastly, the ACLU is going out on an even thinner limb and requesting that customers receive a refund or exchange to a smartphone that will receive timely software updates.
My perspective on software updates has never really been an issue because I choose to root my Android smartphones. I have outlined my reasoning in a past editorial on why rooting is beneficial to the user, but it has never been more applicable now. One could argue rooting bypasses this entire ACLU complaint and rules it invalid if you chose to root your smartphone and inject it with a software version that contains better security patches.
But from this perspective, both the carrier and the manufacturer of the smartphone share equal responsibility in issuing software updates. Yet when you root your Android device, the act of doing so tends to void your warranty on the carrier and manufacturer level. Software updates have forced consumers who care about security in between a rock and a hard place.
It is for this simple reason that the ACLU's complaint holds weight. Since we are cornered into voiding a warranty due to unbearably slow Android software updates, the ACLU's complaint should serve as a wake up call to the carriers. Of course, warranty is just one bit of the issue, and the truth of the matter is if we had the latest security patches on our smartphones, smartphone connectivity would be more comfortable and there would be nothing to complain about.
The ACLU is speaking on behalf of the consumer's rights over their purchase, and though their request isn't likely to make it very far due to carrier control, we can still relish in the fact that there is a mutual feeling that Android devices should not be deemed unsupported after a purchase.
What do you think about the ACLU's complaint against the FTC? Do carriers have a responsibility to issue timely Android software updates to patch security vulnerabilities? Speak up in the comments below!
Image via Android Central.
- Log in to post comments