Smartphone Makers Urged To Follow Samsung When It Comes To Security
A recent report by DuoLabs suggested that 60% of Android devices have been left insecure as a result of lax security update practices.
Worse still, the firm found approximately 378 million devices are actually unable to have security vulnerabilities addressed through carriers – many of which are actually still being sold on store shelves.
Worst of all, everyday consumers have no idea.
ChannelNews reached out to international digital-issues group Electronic Frontier Foundation for comment.
The EFF’s Bill Budington stated that “Consumers have the right to accurate information when purchasing their devices.”
“Often manufacturers customize Android, adding applications that market to their users while impeding usability and efficiency of the underlying operating system.”
Budington noted that this practice makes it harder for users to upgrade to newer versions of the operating system which fix security vulnerabilities – and that most users are unaware of the risks associated.
He outlined a number off options for handset manufacturers looking to improve the situation.
“Allow users to easily install stock Android and make sure the headsets function properly with the mainline Android (AOSP). Barring that, make sure you have a dedicated security team to deliver security patches from Android when they are made.”
These comments were echoed by Electronic Frontiers Australia.
The EFA’s Jon Lawrence asserted that both manufacturers and carriers have a duty to both advise users about security issues and provide avenues and access through which they can be addressed.
Budington praised Samsung’s streamlining of security patching and encouraged them to follow the company’s lead.
“And finally, manufacturers can reduce the amount of bloatware that is included in their devices, which consumers don’t want and find irritating. Or they could reduce the permissions these apps are allowed to request.”
“Each new app installed increases the attack surface for users, and marketing apps are typically programmed hastily and very rarely with security considerations in mind.”