- January 25, 2016
- Posted by: Kerry Tomlinson, Archer News
- Categories: Mobile Devices, Posts with image, Vulnerabilities
A consumer protection group is suing Samsung, claiming the company has a bad update policy and is guilty of unfair trade practices.
Listen in on Android user forums, and you will hear a word echoed again and again—updates.
“The updates from manufacturers are uncertain and take a long time to reach end users,” writes an Android user.
Another said, “Security problems. You never know when (or if) you’ll get an update—even if it’s a security update.”
“It’s just sad that Samsung is disgusting with updates,” a user added.
Now, a consumer group representing half a million people in the Netherlands is suing Samsung, saying the company needs to do a better job with those updates.
“Software updates are vital to keep smartphones secure and to protect consumers from cyber criminals and the loss of their personal data,” said the Consumentenbond, also known as the Dutch Consumers Association, in a press release.
“On buying a Samsung Android device, consumers are given inadequate information about how long they will continue to receive software updates,” said the association’s director, Bart Combée.
The association said Samsung must give its customers “clear and unambiguous information” about updates, and demands that Samsung “actually provide its smartphones with updates.”
Android is big in the Netherlands, and Samsung has 80% of the market share there, according to Tech Times.
The Consumentenbond started a campaign in July 2015 to encourage phone makers to make software updates available and keep customers informed, it said. The group did research, with displeasing results.
“A survey by the Consumentenbond showed that 82% of the Samsung phones examined had not been provided with the latest Android version in the two years after being introduced,” the association said.
Samsung said it is working to make change, reported The Register.
“We have made a number of commitments in recent months to better inform consumers about the status of security issues, and the measures we are taking to address those issues,” Samsung’s statement said. “Data security is a top priority and we work hard every day to ensure that the devices we sell and the information contained on those devices are is safeguarded.”
Search for relief
Some users on social media said the lawsuit is good news.
“Glad they’re getting sued,” said one user. “I hope it hurts, too. Their software updates are poor.”
“…Samsung really needs to get better at updates and I think it’s right for people to call them to task on that issue,” another user wrote.
Some cybersecurity experts say the suit could set an example, and other suits—not just from customers—could follow.
“Finally, I hope that shareholders will sue one of the offending companies and win,” said Andrew Mazurek, a Toronto-based cybersecurity professional. “This would change everything.”
He criticized company executives who focus on quick money without an eye toward the future of the company.
“Board of Directors and C-Level [company executives like CEO, CFO, COO] operate on ‘myopia-short term’ principle,” he said. “Shareholders have the power to remove them, but they need to realize that Samsung-like activities are hurting share price in the long term, hence impacting shareholder value.”
“With current levels of C-Suite pay, there is very little incentive to look after ‘long term’ goals—in particular, in North America,” he said.
The update problem
The problem may be hard to fix.
If you have an Apple phone, you get all of your updates from one place—Apple, said Daniel Lance with Archer Security Group.
With Android, it is different.
“There’s no one central place to go get all of your stuff,” he said. “With the Android platform, it comes from Samsung or HTC or Motorola or whoever it might be. The model itself lends itself to, well, just say a large degree of inconsistency in what the updates are.”
That means Android updates from Google may go through manufacturers, like Samsung, and through carriers, like AT&T, before finally getting to you, the phone owner. That could take a long time.
“…Android’s set-up, along with the carrier’s testing requirements for all of the variants of a base model mean that even a small patch update has to go through a vigorous and lengthy approvals process,” wrote Ewan Spence in Forbes.
And that leads some users to swear, or come close.
“The Android update clusterfrick is by far the biggest problem in the Android world, and OEMs [original equipment manufacturers] should be, if possible, prosecuted to the fullest extent of the law for their negligent practices regarding updating their software,” said Thom Holwerda in OSNews.
“Oh and My Note5 is still on 5.1.1 with the November security patch,” said an angry user. “F—ING NOVEMBER PATCH and it’s January.”
Some companies do better than others.
“Unlike Apple, Microsoft – and Google – Samsung does not prod its customers to update their phones or explain why they need to do so, leaving potentially millions of people open to known security holes,” reported The Register.
But some say change will take more than one lawsuit against Samsung.
“Consumentenbond is right, in my opinion, to push the ideas of timely updates and more information for users of any smartphone platform (not just Android), but its action against Samsung is similar to attacking the largest and most aggressive head of a Hydra,” said Spence in Forbes.
“There are far more influences at play than one manufacturer deciding not to give out information,” he said. “Android’s inability to offer updates is endemic, and will require a much broader approach with every partner involved and willing to give up a little ground to create a healthier ecosystem.”
Talking with your feet
The case is getting attention around the world.
“What is interesting about this issue, is that the consumer association cares enough to go out and try to improve a manufacturers product, and not just shame them for poor business practice,” said Lance.
But, he said, Android users have a choice.
“The consumer has the option to be more secure: root their phone and head out to Google directly for software,” he said.
“Rooting your phone” means getting access to the root permissions on your phone, so you can install an operating system of choice.
If you don’t like the Android ecosystem, he said, you can take your money to another system.
“As a consumer, it doesn’t impress me when you neglect security and reliability, so I’ll go elsewhere,” said Lance.
“Maybe the money/time they will spend suing could go to security awareness, thus again correcting the problem through attrition of the android platform,” he added.