Carrier Control of Smartphones Is Decimating Security
Carriers – Leave Us Smartphones Alone!
The United States is unique in the world when it comes to the way people purchase their smartphones. Instead of treating it like a separate device for which you buy an Internet connection and attach additional services like we do with computers or laptops, it is the telecom carriers who have most of the say in the purchase process. It's as if when you want a computer you don't go to Best Buy or an Office Depot, but to the AT&T or Verizon store from whom you will get the Internet connection! These days there is little to differentiate smartphones from their bigger brothers. They are every bit as powerful as regular computers were just a few years ago.
The impact of this kind of tight control is obvious when it discourages customers from trying out new and innovative solutions such as VoIP. Why should they when they already have a contract giving them a set number of minutes to use every month? Those minutes have been bought and paid for and not to use them is a waste. Yet despite all these hurdles, VoIP usage continues to grow even in the United States. A powerful testament to its usefulness and features.
But there is yet another insidious threat to smartphone users. And that is the danger of vulnerable devices not being updated with the latest security patches. Recently in the news it was revealed that Android has a pretty huge security flaw that was hitherto undetected. Google reacted promptly by rolling out a patch. The question is – how long will it be before OEMs and the carriers allow it to go through?
OEMs and Carriers Refuse to Update Software
It's an open secret that there is very little incentive for a hardware manufacturer or the telecom carrier to issue updates to existing phones. They would much prefer customers to purchase a new device outright instead of getting additional features on already sold hardware. Only the Nexus devices and a few recent additions to the Google Play store get their updates straight from Google without any interference from the middleman.
When it comes to new features and capabilities, the lack of updates is merely frustrating and feels like something of a betrayal since you're entitled to the updates as and when they come out. But it becomes truly dangerous when the middleman refuse to update the operating system even to fix critical bugs and security holes.
Part of the reason for these delays is that carriers and manufacturers are hell-bent on customizing Android with their own skins and features. So every update needs to be tested against the modified code base which introduces delays and can even prevent the update from reaching the phone at all.
All we need as a wake-up call is for a truly dangerous exploit to have a significant impact on a large number of smartphones. Only then will I factors and carriers wake up to their responsibilities and give Google the ability to directly update Android smartphones as and when necessary. Such control would be the first step towards customers gaining independence from contracts and having the motivation to try out hosted PBX calls with a variety of SIP service providers.