HTC Settlement could reduce Android fragmentation

Martin Brinkmann
Feb 26, 2013
Google Android

Unlike desktop computer systems, mobile phones usually do not receive that many updates in regards to new functionality, security and privacy. Many manufacturers are more interested in creating and releasing a new version of a phone than offering support for phones they have already produced, and carriers too do not want to spend resources on testing and deploying patches on their systems.

This practice led to many problems, and a serious one in this regard is that companies failed to deliver security updates for devices which meant that consumers - most of the time unaware - worked with insecure phones.

A recent settlement of HTC America could have serious impact on how device manufacturer and carriers create and deploy security patches, and in the end, it could very well reduce or even end Android fragmentation.

HTC is required to fix vulnerabilities in millions of devices, and the company is furthermore required to establish a comprehensive security program and undergo security assessments every year for the next 20 years.

The FTC used several examples to make its point. This included security issues in two logging applications - Carrier IQ and HTC Loggers - that run on HTC phones and programming flaws that would allow third-party apps to bypass Android's security model.

Due to these vulnerabilities, the FTC charged, millions of HTC devices compromised sensitive device functionality, potentially permitting malicious applications to send text messages, record audio, and even install additional malware onto a consumer’s device, all without the user’s knowledge or consent. The FTC alleged that malware placed on consumers’ devices without their permission could be used to record and transmit information entered into or stored on the device, including, for example, financial account numbers and related access codes or medical information such as text messages received from healthcare providers and calendar entries concerning doctor’s appointments. In addition, malicious applications could exploit the vulnerabilities on HTC devices to gain unauthorized access to a variety of other sensitive information, such as the user’s geolocation information and the contents of the user’s text messages.

While the case was made against HTC, other carriers and manufacturers are not off the hook either, as they may be facing similar settlements in the near future.

For Android, this could very well mean that many carriers and manufacturers limit the number of software customization implementations to go back to core Android systems that makes it easier to test and distribute patches that Google releases for the system.

For consumers, the settlement will most certainly mean better security and patches over a longer period of time. Gone will be the days when the next generation of a phone marks the end of updates for previously released phones. (via Threatpost)


Tutorials & Tips

Previous Post: «
Next Post: «


  1. Coyote said on February 26, 2013 at 10:51 am

    Having an AtrixHD, made by Moto, was the first real phone to come out after the big buy out by google, and is great. Even though I had to wait 6 months for an update to jellybean it’s sad that I should feel privileged for that.

    I’m just torn on how this will work out though. google can either lock down the OS more like iOS or allow people to customize it. Really can’t do it both ways. Now it’s not just the carriers that would be effected by this, all custom roms would have to go. Which would be a shame as the carriers main goal is to monetize their customers and stock/custom roms are made for the user as a person and shouldn’t be stifled.

  2. Bill S. said on February 26, 2013 at 8:34 am

    What I read says that “some” of the phones will receive updates based on the FTC settlement. I currently have the HTC Inspire 4G (which is not a 4G phone) but from now on I will only purchase my phones from Apple or Google. Apple and Google are the only suppliers that push out updates without regard for the cellular providers.

  3. Lucho said on February 26, 2013 at 4:02 am

    I’m so happy to hear that :) I own HTC Desire HD and I hate it when I’m left out of Android updates just because my phone is not the newest model. The whole meaning of Android is to be free but this wasn’t the case with older phones. I remember when it got updated to 2.3 I was so happy and I was waiting for 3 then 4 but nooooo why bother taking care of the people who trusted them with their purchase a few years ago, let’s make them buy a new one!

  4. leon said on February 26, 2013 at 3:02 am

    so htc must install Carrier IQ and HTC Loggers?

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.