The FCC and the FCT investigating the security patches for smartphones and tablets

Security updates destined to mobile devices represent a subject of interest not only for end users but also for institutions that deal to certify such products before marketing. In this regard, two US agencies, the FCC (Federal Communication Commission) in cooperation with the FTC (Federal Trade Commission), has recently announced that it had embarked on a joint investigation to deepen the ways by which those involved , namely the manufacturers of smartphones and tablets, and telephone operators - develop and distribute security updates.

To carry out the investigation, the FCC has contacted some major US phone operators - including AT & T, Sprint and Verizon - to ask questions about the review process and release of security updates. The FTC has also requested information from eight manufacturers of smartphones and tablets on the state of vulnerability of such products and the development of any corrective patch. The reasons for the renewed focus by the two authorities towards the issue of the security of the mobile devices are clearly explained in the press release issued by the FCC, which states:

Recently there has been an increasing number of vulnerabilities related to the mobile operating systems that threaten the security and integrity of the user's device.

The concerns of the FCC focus on bug of the mobile operating systems that can spread on a large scale as determined by inherent vulnerabilities in the OS Mobile; exemplary in this respect is the case of stagefright that caught the attention of the media in the course of 2015. The FCC cites its stagefright in the press release announcing the joint initiative with the FTC, remembering that the flaw in the Android operating system has exposed the risk of attack almost 1 billion Android devices.

The demands of the two bodies aimed at operators and producers to improve the status quo, trying to eliminate delays in the distribution of the patch:

The consumer can be left without protection for prolonged periods of time or indefinitely, due to any delay in the correction of vulnerability after that has been discovered. To date, the operating system vendors, device manufacturers, and the telephony service providers have responded to address the vulnerabilities that occur. There are, however, the considerable delays in the distribution of patches to existing devices, while older devices are likely to never receive the patch.

The FCC claims to be serious about solving the problem, continuing to cooperate with the FTC and collaborating with everyone involved. The case Stagefright has contributed to an acceleration in the pace of release of security updates as a result of Google's decision to make them available on a monthly basis for the Android operating system. The variables are, however, related to the role of telephone operators and individual producers, whose activities aimed approval of security updates can dilatarne the release timing.