Amid a number of critical security flaws hitting mobile devices in recent months, the FCC and the FTC have launched investigations into how companies release their mobile security patches. According to a joint announcement, as many as fourteen companies are being inquired by the government agencies, with the FCC reaching out to six wireless carriers and the FTC to eight mobile device manufacturers.
The announcement does not go into too many specifics but the gist of it is they want more information on how manufacturers and carriers currently release security updates to their devices and how security patches are distributed. The agencies claim they want to “better understand, and ultimately to improve, the security of mobile devices.”
The FCC cites the so-called Stagefright vulnerability that affected around a billion Android devices worldwide as an example of recent vulnerabilities. This bug was first discovered in July last year and has since been patched on several devices, but the bug continues to be exploited and many devices have yet to receive an update.
This lack of a coordinated and comprehensive effort to guarantee security on older devices is what the FCC and FTC fund most troubling: “To date, operating system providers, original equipment manufacturers, and mobile service providers have responded to address vulnerabilities as they arise. There are, however, significant delays in delivering patches to actual devices—and that older devices may never be patched.”