January 21, 2019

January 18, 2019

Subscribe to Latest Legal News and Analysis

FTC Expresses Concerns Over Mobile Security Updates

In its recent report (Mobile Security Updates: Understanding the Issues), the FTC expressed concerns with the process for keeping mobile devices updated and secure. Of particular concern for the FTC were inconsistencies in the length of time that support is offered for mobile devices, the frequency of updates and the perceived lapse of time between identifying a vulnerability and effectively installing a patch on consumers’ devices. Further, the FTC was worried that information about device support and update frequency is not always clear to consumers, and is not always maintained by manufacturers.

To address these concerns the FTC recommended that those in the mobile device industry commit to supporting devices for as long as consumers would expect such support. Customer expectations could be managed through policies and contracts. The FTC also recommended pushing out regularly scheduled updates and, of particular concern, asked device manufacturers to (a) prioritize security-only updates for high-risk vulnerabilities, and (b) ensure that testing and deployment efforts keep pace with update schedules. The FTC called for keeping records showing the actions taken and decisions made throughout the update process. Finally, the FTC called on members of the industry to work with government and advocacy groups to ensure that consumers understand the importance of security updates – in particular, the critical role consumers play in the update process.

Putting it Into Practice: For those in the mobile device industry, this report gives guidance on steps the FTC expects with respect to how to keep devices updated and secured after they are in the hands of customers.

Copyright © 2019, Sheppard Mullin Richter & Hampton LLP.


About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...

Alyssa Shauer, Sheppard Mullin Law Firm, Century City, Cybersecurity and Litigation Attorney

Alyssa M. Shauer is an associate in the Business Trial Practice Group in the firm's Century City office. Ms. Shauer is a Certified Information Privacy Professional (CIPP/US) and a member of Sheppard Mullin’s Privacy Team.

Prior to joining Sheppard Mullin, Ms. Shauer externed in the chambers of the Honorable Margaret M. Morrow, Central District of California. She served as a Managing Editor of the UCLA Law Review and as Vice President of the Cyber Crimes Symposium and Competition on the Moot Court Honors Board. Prior to law school, Ms. Shauer studied emerging technology and cyber security regulations as a policy analyst for a managed care health plan and as a software developer for the Federal Aviation Administration in Washington, D.C.