News of mobile OS bugs seem to crop up every week, and two federal agencies want to know what US carriers and phone makers are doing to roll out fixes as quickly as possible.
The Federal Communications Commission (FCC) today sent a letter to mobile carriers "to better understand the role that they play in ensuring the security of mobile devices."
The Federal Trade Commission (FTC), meanwhile, ordered eight gadget makers "to provide the agency with information about how they issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices." They include Apple, Blackberry, Google, HTC, LG, Microsoft, Motorola, and Samsung.
The FCC is concerned about "significant delays in delivering patches to actual devices—and that older devices may never be patched." They specifically called out Stagefright, an Android bug discovered last year that prompted Google to release the "world's largest" Android update.
"As consumers and businesses turn to mobile broadband to conduct ever more of their daily activities, the safety of their communications and other personal information is directly related to the security of the devices they use," the FCC said.
The carriers were asked 20 questions about how they handle bug fix rollouts, including what hurdles they face in getting updates to customers, the current rollout process, and how they notify customers about vulnerabilities. The agency also requested Stagefright-specific data—like how they became aware of it and how many customers' devices were affected—and quizzed carriers on whether the monthly security updates promised by Google, Samsung, and LG are actually happening.
The FTC wants device makers to detail:
Carriers and phone makers are asked to respond to the questions within 45 days.