On 9 May 2016, the US Federal Trade Commission (FTC) and US Federal Communications Commission (FCC) commenced an investigation into mobile device security updates. The investigation stems from growing concerns over security vulnerabilities in mobile devices, such as smart-phones and tablets, and the effect of such vulnerabilities on the safety of personal communications and personal information. As part of the investigation the agencies are examining the practices of a number of carrier and device- manufacturing companies, including Apple, Verizon, Google and AT&T, regarding security updates and associated issues, such as the distribution of patches and patching vulnerabilities. These companies have been issued with an order to provide information on a number of related issues, such as the factors they consider in deciding whether to patch vulnerabilities on a particular mobile device, the vulnerabilities that have affected their devices, and whether or not they have successfully patched such vulnerabilities. The companies must respond to the agencies’ inquiries within 45 days.
The Order (PDF)