Dutch watchdog sues Samsung over lack of Android security updates

Consumer group in the Netherlands sends in the lawyers over Samsung's allegedly "poor software update policy for Android smartphones".

Samsung accused of neglecting security updates
Samsung accused of neglecting security updates

The Dutch Consumers' Association that filed a lawsuit against Korean electronics firm Samsung has accused the company of having a “poor software update policy for Android smartphones". It also alleges that the firm is “guilty of unfair trade practices”.

An open letter from Bart Combée, director of Consumentenbond, said that on buying a Samsung Android device, “consumers are given inadequate information about how long they will continue to receive software updates. The Consumentenbond is demanding that Samsung provide its customers with clear and unambiguous information about this.”

It added: “Samsung moreover provides insufficient information about critical security vulnerabilities, such as Stagefright, in its Android phones,” he added. “Finally, the Consumentenbond is demanding that Samsung actually provide its smartphones with updates.”

The organisation is taking the firm to court following talks with Samsung over its update policy. No agreement was reached between the two hence the legal action. Consumentenbond said that the focus would be on Samsung as it is the “undisputed market leader in Android phones in the Netherlands”.

However, it added that other manufacturers were also “failing to provide proper updates for their devices”.

Last April Consumentenbond kicked off a campaign to encourage manufacturers of Android smartphones to make software updates available and to properly inform consumers about this. It said that 82 percent of the Samsung phones examined had not been provided with the latest Android version in the two years after being introduced.

According to the organisation, “Software updates are vital to keep smartphones secure and to protect consumers from cyber criminals and the loss of their personal data.”

Gert-Jan Schenk, VP of EMEA, Lookout, told SCMagazineUK.com that security updates have never been more critical. “Everything from banking, health data and corporate information is accessed on our smartphones and tablets.”

He added: “But it's not just down to the manufacturers, the OS creators and app developers also need to consistently roll out security patches which can quickly and easily be distributed,” he said.

“Everyone needs to take responsibility for security, and one neglected aspect is that as an industry, we simply don't share enough information from a hack or vulnerability perspective. If we were more collaborative, we'd be able to catch some issues before people were affected, and react to others more quickly.”

“The fact that the Android market is extremely fragmented does not make this any easier –  just look at how many older devices remained vulnerable to Stagefright and Heartbleed. From an Enterprise security perspective, we hear from many businesses their concern and the challenges with an Android mobile fleet or BYOD program. But I'd argue that this is a risk that can absolutely be managed. Getting patches and updates out in a timely manner will likely always be a challenge. In the face of this, businesses must adopt security solutions that give them visibility into threats on mobile and the power to remediate the threats."

David Kennerley, senior manager for threat research at Webroot, told SC that whether the allegations are founded or not, there is a general need in the mobile industry to send more regular updates to users.

“Too many manufacturers focus on delivering a cheap handset then pay little attention to the aftercare – leaving consumers at risk,” he said.

“The Android platform is a developer's dream because of its openness. However, the freedom and lack of screening process from Google has resulted in around 15 percent of the Android app store's apps being classed as malicious, according to Webroot's Mobile Threat Report. This makes it even more important that devices running Android are kept up-to-date with software that addresses vulnerabilities.”