The ACLU complained to the FTC that carriers aren’t patching vulnerable Android phones. They have a point.
Phones are profitable, and the carriers are trying to have it both ways.
They lock down the phones so that we can’t change them, then they subsidize the phone, but once the phone is paid off, they continue to charge the same monthly rate. But they won’t issue updates for the phones, and they won’t let end users apply patches either. So we all run around with vulnerable phones.
The ACLU wants carriers to start delivering updates, or allow users to terminate their contracts so they can switch to carriers who do. The problem with that is no carrier seems to deliver updates for anything but the very newest, highest-end phones, so I don’t know that the opt-out clause will do much. My old Samsung Galaxy S 4G phone might theoretically work on AT&T’s network, but I know AT&T isn’t going to give me updates for a two-year-old phone that was a T-Mobile exclusive. Switching to Sprint or Verizon isn’t an option–the phone won’t work on their networks.
I could take matters into my own hands and run the unofficial build of Cyanogenmod for my phone, but to do that, I have to unlock the phone, which violates the DMCA, which makes me a criminal.
So I don’t know that the ACLU’s suggested fix will do much to resolve the issue, but they are correct that cybersecurity is a bigger threat than terrorism, and I’m glad they raised the issue. Get enough smart people talking, and eventually a good solution will come about. Then, of course, there’s the matter of making that solution reality, but let’s not get too far ahead of ourselves.
In a job interview this week, someone asked me what the best, most secure phone was. I couldn’t really give a good answer to that. Apple doesn’t allow anyone to develop an antivirus or antimalware app for their phones, which is eventually going to be a problem. Their phones and tablets are so popular it’s only a matter of time before malware appears on them, and in the meantime they don’t need to be passing malware for other devices around. Android, on the other hand, does have good security apps available for it, some free of charge, but most Android phones don’t get any kind of updates. At least Apple phones do. I felt like a politician trying to answer that question, because I couldn’t give an answer that I could defend. At least I didn’t say, “Right now, I’m devoting a great deal of time and study to that problem. And I intend to issue a position paper on that. A position that is at once simple, yet complex, flexible, and above all else, fair to every American.” But I kind of wish I had–at least that answer would have been good for a laugh. And no worse than flipping a coin.