ACLU researcher slams carriers for lax Android security

A security researcher with the American Civil Liberties Union pushed carriers to become more responsible for the mobile security of customers using Google's (NASDAQ:GOOG) Android platform or let Google directly push software updates. Speaking at a security conference, Chris Soghoian, principal technologist and senior policy analyst with the ACLU, noted that phones have to contact a server run by carriers in order to get an update. "When Apple decides that it's going to give a security update to consumers or a feature update, every consumer who plugs their phone into their computer gets the update whether or not their respective regional carrier likes it," Soghoian said, speaking at the Kaspersky Security Analyst Summit. But with Android, "you get updates when the carrier wants it and when the hardware manufacturer wants it, and usually that's not very often." He said the main problem is not that Google is not fixing security flaws in Android but that the "fixes for critical security vulnerabilities are simply not getting downstream and reaching consumers." Article