Mobile Device Patching Getting Help from an Unlikely Source

While patching computers and devices keeps a good number of folks with IT skills employed, the regular (and sometimes irregular) patching schedules can wear patience thin.

Mobile patching, particularly for the Android platform, has become a bigger concern than ever, considering the number of Android handsets in use today are notoriously running older versions. The problem isn’t always that the user keeps pushing off updates in a BYOD scenario or that corporate assets aren’t managed correctly, but a lot of times the carrier can be the culprit. Wireless companies will delay the distribution of critical updates that contain necessary security fixes for, most times, unknown reasons.

When’s the last time a company like Verizon deployed a smartphone update within 6 months of the update’s availability? And, when asked about it wireless providers will just point customers to sections of their web sites that contain FAQs with murky answers.

The US government is launching an inquiry into the issue, trying to determine exactly what the holdup seems to be and why the majority of handsets being carried around today are leaking consumer data and are becoming security time bombs.

According to the announcement:

The Federal Communications Commission (FCC) has joined the Federal Trade Commission (FTC) to better understand, and ultimately to improve, the security of mobile devices.

The FTC has ordered eight mobile device manufacturers to provide the agency with information about how they issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices.

Consumers may be left unprotected, for long periods of time or even indefinitely, by any delays in patching vulnerabilities once they are discovered.  To date, operating system providers, original equipment manufacturers, and mobile service providers have responded to address vulnerabilities as they arise. There are, however, significant delays in delivering patches to actual devices—and that older devices may never be patched.

Full News Release: FCC Launches Inquiry into Mobile Device Security Updates