The American Civil Liberties Union, or ACLU, has filed a complaint against the big four US carriers for their lack of Android updates or disclosure on the matter. Yes, even the ACLU thinks that updates in the US are a problem. But it isn’t just people enjoying the latest version of Android: security is the problem.
When you buy a device, you get stuck in a two year contract. This means that you have to use the same device for two years, unless you buy one full price. But here lies the problem: carriers often kill off devices before two years are up, sometimes even one year doesn’t even go by. Then you’re stuck with an old version of Android, where new versions patched many security bugs. You’re left with an insecure device (and no, it doesn’t think it’s fat). This could pose a serious issue to businesses and regular users alike.
Updates are a problem in the US because carriers insist on reviewing each software upgrade. And this is fair: they do not want any software that can negatively impact their network. They have every right to do so. However, updates are often incredibly delayed, and the carrier can even say they no longer want to update the device, even when the international unlocked models are still getting updates.
The ACLU finds issue with the carrier specifically, because they say a buyer has the right to own a secure device, and a carrier should make sure of that. The ACLU states:
[The majority of Android devices] never receive critical software security updates, exposing consumers and their private data to significant cybersecurity-related risks. [Carriers have] engaged in unfair and deceptive business practices by failing to warn their customers about known, unpatched security flaws in the mobile devices sold by the companies.
However, it’s not so easy to just demand updates. Carriers are sometimes not even capable of it. So what’s the next best thing? Transparency. They need to tell us about the security issues in detail, making sure we know what we’re getting ourselves into. The ACLU also wants the ability to opt out of a contract without a EFT if their Android phone doesn’t receive regular security updates. They’re also trying to get the ability to get a refund or exchange for a device that will get updates in a timely manner. Those are some lofty goals, but customers have the right to at least know about the safety concerns of their device.
They may be fighting for security, but these security holes often can’t be patched with just some modification. Some of these security holes were patched in the next version of Android, and updating to a new version isn’t always easy or possible. But the least carriers could do is drop some knowledge on us. What do you guys think? Do carriers have a right to keep us from security updates? Or do we have a right to security and safety?