In order to gain a better understanding of security in the mobile ecosystem, the Federal Trade Commission yesterday issued orders to eight mobile device manufacturers including Microsoft asking them to provide information about how they issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices.
Among the information recipients must provide under the orders are:
- the factors that they consider in deciding whether to patch a vulnerability on a particular mobile device;
- detailed data on the specific mobile devices they have offered for sale to consumers since August 2013;
- the vulnerabilities that have affected those devices; and
- whether and when the company patched such vulnerabilities.
The FTC is conducting a separate, parallel inquiry into common carriers’ policies regarding mobile device security updates.