Another week, another series of stories questioning the security, in one way or another, of the Android operating system.
It is appropriate this week to say “in one way or another” because there is a twist. The American Civil Liberties Union (ACLU) – an organization most often associated with advocating in favor of unpopular people or causes because it believes doing so protects the rights and freedoms of the rest of us – has filed a complaint and request for investigation about Android with the Federal Trade Commission.
The ACLU is not going after Android directly. It is claiming that carriers are not passing information to subscribers whose phones use the software in a timely fashion. This is how CNET reported on the filing:
The civil liberties group claims that AT&T, Verizon, T-Mobile, and Sprint are not doing enough to protect users' private and personal data -- specifically on Android devices. The gist of the complaint (PDF) is that these carriers aren't providing users with timely security updates, which the ACLU says is akin to "deceptive and unfair business practice."
The subtext here is the most important thing. Whether or not the four carriers are dropping the ball is important. What is perhaps even more important is that the group considered it necessary to call attention to Android in particular. This suggests the position that Android security is far dicier than it is for the other OSes.
This comes as no shock to folks who follow the field closely. Most experts feel that way. But the idea of a more general interest organization, such as the ACLU, making such a distinction clearly is a step toward a wider labeling of Android as an unsafe OS. That’s clearly bad news for Google, especially as concerns about the handling of data by Google and other technology companies grow.
Another piece of news that separates Android from the rest of the mobile OS pack is that Dennis (Liang) Xu, a graduate student at the University of California, Davis, assessed approximately 120,000 free apps from Android Play and found numerous dangerous security vulnerabilities in texting, messaging and microblogging apps. The press release says that the developers have been notified but have not responded to the team at the school.
Android’s security – or perceived lack of security – may be breaking through to the audience beyond those who closely watch mobile device technology. A complaint from the ACLU is a big deal simply because it is an organization that is not generally concerned with such topics. The bottom line is that the ACLU could be a canary in the coal mine for the acceptance of Android’s inferior security as common wisdom.