The Federal Trade Commission today said it issued a 10-page letter to eight leading players in the mobile communications arena requiring them to tell the agency how they issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices.
The information Apple, Blackberry, Google, HTC America, LG Electronics, Microsoft, Motorola Mobility, and Samsung must provide includes:
- The factors that they consider in deciding whether to patch a vulnerability on a particular mobile device
- Detailed data on the specific mobile devices they have offered for sale to consumers since August 2013
- The vulnerabilities that have affected those devices
- Whether and when the company patched such vulnerabilities.
The FTC has been critical of mobile communications vendors’ security practices in the past. In one report the FTC stated that companies whose apps promise consumer safeguards for their data should follow through on those promises. “Specifically, the report recognizes that technology advances found in smartphones can offer the potential for increased data security and encourages all companies to provide strong protections for the data they collect.”
The same report urged consumers to “closely examine the apps’ stated policies on issues like dispute resolution and liability limits, as well as privacy and data security and evaluate them in choosing which apps to use.”
In the current letter to vendors the FTC said: The Commission is seeking to compile data concerning policies, procedures, and practices for providing security updates to mobile devices offered by unnamed persons, partnerships, corporations, or others in the United States. The Special Report will assist the Commission in conducting a study of such policies, practices, and procedures. The Special Report must restate each item of this Order with which the corresponding answer is identified. Your report is required to be subscribed and sworn by an official of the Company who has prepared or supervised the preparation of the report from books, records, correspondence, and other data and material in your possession. If any question cannot be answered fully, give the information that is available and explain in what respects and why the answer is incomplete.
Describe in detail whether the Company provides notice to consumers regarding each of the following:
i. The period of time that a specific device model will be supported for operating system version or other feature updates that include security updates;
ii. The period of time that a specific device model will be supported for security updates, including the frequency or timing of security updates;
iii. When a specific device model is no longer supported for operating system version or other feature updates that include security updates;
iv. When a specific device model is no longer supported for security updates.