Monday, February 25, 2013

Security facepalm

Android handset maker HTC has just signed a settlement agreement with the FTC, an agreement designed to improve the security of their handsets.  It's pretty eye opening:
Under the terms of the deal HTC admits no guilt, but the list of things that it has agreed to do suggests that there wasn't much security work being done by the Taiwanese manufacturer. The full settlement gives the company seven core tasks which you would have thought it would have done already.

These include actually assigning someone in the company to be responsible for security, doing a risk assessment on its current coding practices and handsets, designing safeguards against flawed code, and training in-house staff on good security practices, such as where to get updates and patches.
[blink] [blink]

You wonder just what they were doing about security.  Actually, you don't (well, I don't).

It goes without saying that any of all y'all with HTC cell phones should upgrade to Android 4.0, stat.

NOTE: This agreement concerns software created by HTC for their handsets, not Android in general.  However, I have to say that Apple has a much cleaner update mechanism for iOS - you get new security updates via iTunes, directly from Apple.  With Android, the flow is Google fixes Android, then (maybe) the handset vendor updates the software for the phone, then (maybe) the carrier makes the fix available.  It's a clunky process with a lot of failure points.


Anonymous said...

The Android update cycle is a big reason I'm seriously considering leaving Verizon when our contract is out. My Thunderbolt just got its 4.0 update a few weeks ago. I'd have a lot more options on a GSM network.

"Root it." Yeah, yeah. The t-bolt isn't exactly root or aftermarket ROM friendly.

Old NFO said...

Not surprised, as all that cost MONEY, which hits the profit line...

kx59 said...

That explains the massive update I just had to install on my phone.
Probably more coming.