The Federal Trade Commission is set to investigate a formal complaint that wireless firms have failed to issue software updates for Android Handsets. The complaint, from the American Civil Liberties Union, says handsets that don’t get security fixes are effectively defective.
The argument centers on the way that, unlike with some handsets, Android phone updates have to be routed through the carrier. There are often delays between Google issuing an update and it reaching a user’s phone, sometimes as long as a year.
The ACLU cites Google statistics about which versions of Android people are running. That’s partly the result of handset limitations, but it’s certainly the case that many users are running extremely outdated software and missing security fixes.
In a tenuous but logical argument, the ACLU reasons that once Google issues a security update then for however long it is that the carrier doesn’t send it out to subscribers, the carrier is responsible for the vulnerability continuing to exist on the phone.
In turn, the ACLU argues, this makes the carrier directly responsible for the phone being defective. That then means its failing to live up to its contractual obligations to supply a working phone to the customer in return for the up-front payment and monthly fees. And that, according to the ACLU, constitutes deceptive marketing which is where the FTC comes in.
The complaint is only against the carriers (specifically AT&T, Sprint, T-Mobile and Verizon) and not against Google. It requests that carriers be forced to warn all customers if they have a phone that hasn’t received security updates promptly. It also asks that all affected customers be given the right to get a refund or replacement on their handset, or to cancel their contract with no early termination fee.
The Federal Trade Commission has confirmed receiving the complaint but hasn’t detailed what if any action it will take.