ACLU lobbies FTC to probe carriers over Android security


The American Civil Liberties Union has filed a complaint with the Federal Trade Commission, urging the agency to investigate carrier efforts to offer secure consumer experiences across devices running Google's (NASDAQ:GOOG) open-source Android mobile operating system.

The ACLU petition alleges that Verizon Wireless (NYSE:VZ), AT&T Mobility (NYSE:T), Sprint Nextel (NYSE:S) and T-Mobile USA have failed to properly safeguard subscribers against threats to the Android ecosystem, citing potential abuses like fraud, information theft, phishing campaigns and location-enabled stalking.

"The major wireless carriers have sold millions of Android smartphones to consumers," the petition states. "The vast majority of these devices rarely receive software security updates. A significant number of consumers are using smartphones running a version of the Android operating system with known, exploitable security vulnerabilities for which fixes have been published by Google, but have not been distributed to consumers' smartphones by the wireless carriers and their handset manufacturer partners. Android smartphones that do not receive regular, prompt security updates are defective and unreasonably dangerous."

Critics maintain Google has failed to sufficiently police its Google Play digital storefront, making it easy for attackers to distribute malware via Android applications. Google has made strides to reduce Android threats, however: In early 2012, it unveiled Bouncer, which scans Google Play for malicious apps, and its Android 4.2 OS update, a.k.a. Jelly Bean, bakes in application verification tools.

Carrier partners also have taken steps to improve Android security. Last fall, for example, Verizon rolled out Verizon Mobile Security, an Android antivirus app powered by digital security provider McAfee. Weeks later, T-Mobile USA partnered with Lookout on Automatic App Security, a preloaded Android app designed to protect smartphones and tablets against potential malware threats.

"Sprint follows industry-standard best practices designed to protect its customers," a carrier spokesperson told CNet. Verizon, AT&T and T-Mobile have not yet responded to requests for comment.

The ACLU is a nationwide nonprofit dedicated to upholding principles of free speech, privacy and equality. The organization's petition follows days after an NQ Mobile report stating that malware attacks on Android devices more than doubled in 2012. Fifty-three percent of U.S. Android owners have installed a mobile security app on their device, NQ Mobile adds.

For more:
- read this CNet article
- read this Verge article

Related articles:
Apple exec Schiller takes shot at Android over malware headaches
F-Secure: Android to blame for 79 percent of all mobile malware in 2012
Android malware surges to new highs in Q3
Google denies Android malware charges, researchers backtrack
Report: Android malware increased 155 percent year-over-year