The subject of 'security' is one which permeates most industries. In spite of this having always been a topic that is widely debated in the mobile realm, recently the debate has been ignited due to the ongoing and continued reports coming through on the state of mobile security, its weaknesses and vulnerabilities. Especially, when it comes to the Android side of mobile-related devices. In fact, the latest on this is that the Federal Communications Commission (FCC) and the Federal Trade Commission (FTC) have now announced they will be looking at this issue in much closer detail.
Today, the FCC and the FTC released a joint announcement on the matter and one which notes they have decided to look closer at how security procedures are implemented on mobile devices. Specifically, how manufacturers and carriers currently release security updates to their devices and in general, how security patches are distributed. All with a view "to better understand, and ultimately to improve, the security of mobile devices." The announcement details that the joint investigation has now sent letters to fourteen companies in total. Six of which are carriers who have been contacted by the FCC and the remaining eight companies being manufacturers, who have now been contacted by the FTC. The purpose of these letters is for those companies to provide further information on their security updating procedure. Companies confirmed to have been contacted include Alphabet, Apple, AT&T, BlackBerry, HTC, Microsoft, Motorola, Sprint, Verizon and Samsung.
While the announcement does not go into too many specifics, it does raise the point that they have noted an increase in the "number of vulnerabilities associated with mobile operating systems" and specifically does name-drop the Stagefright issue that has repeatedly hit the headlines as an issue affecting Android mobile devices. While it is common now for most of the big manufacturers and carriers to push out monthly updates to fix the most commonly known and newer vulnerabilities, the FCC and FTC announcement seems to suggest it will be focusing very much on the time-frame of delivery for these fixes, with the announcement detailing, "significant delays in delivering patches to actual devices—and that older devices may never be patched." Those interested can read the full announcement by heading through the source link below.