Samsung sued over 'lackadaisical' Android security updates
Up your game, says Dutch consumer group
Samsung is being sued by a Dutch consumer group for its alleged lackadaisical approach to security updates for its Android phones.
The Dutch Consumers’ Association (DCA) claims that an incredible 82 per cent of Samsung phones do not have the latest version of Android installed.
It blames the Korean giant for failing to prod customers to update their software and notes that regular updates are necessary to "protect consumers from cybercriminals and the loss of their personal data."
The lawsuit follows the collapse of talks between Samsung and DCA aimed at resolving the situation. The DCA sent a letter to the phone manufacturer back in December, and held a number of meetings. But they "did not lead to the desired result," and so it's going to court. It claims Samsung is guilty of unfair trade practices.
The DCA notes that it's not just Samsung that is apparently failing consumers but that it has chosen to take it the tech goliath because it is by far the largest manufacturer of Android phones in the Netherlands.
"Consumers are given inadequate information about how long they will continue to receive software updates," DCA director Bart Combée said in a statement. "[We are] demanding that Samsung provide its customers with clear and unambiguous information about this. Samsung moreover provides insufficient information about critical security vulnerabilities, such as Stagefright, in its Android phones. Finally, [we are] demanding that Samsung actually provide its smartphones with updates."
Eco, e-slow system
It has long been an issue that even when Google provides a security update, it take a long while for its to filter down to people's non-Google Nexus phones because of the complex eco-system built around the platform.
Unlike Apple, Microsoft – and Google – Samsung does not prod its customers to update their phones or explain why they need to do so, leaving potentially millions of people open to known security holes.
According to DCA, Samsung is also very slow at releasing updates, presumably because it wishes to check it is compatible with its flavor of Android, or in order to add new features. Samsung customers have also noticed for some time that it updates different phones with different software versions at different times - and typically not with the latest version.
That said, it is only fair to note that Google does tend to put out a lot of Android updates, not all of which are security updates.
In response to the lawsuit, Samsung put out an official statement saying it was working on improving its updates: "We have made a number of commitments in recent months to better inform consumers about the status of security issues, and the measures we are taking to address those issues. Data security is a top priority and we work hard every day to ensure that the devices we sell and the information contained on those devices are is safeguarded." ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Samsung Galaxy
- Samsung Galaxy Ace
- Trusted Platform Module
- Zero trust