The Federal Communications Commission and the Federal Trade Commission announced today that they are teaming up for an inquiry into how security updates to smartphones and other mobile devices are released in the United States.
One of the inquiry’s main concerns is the amount of time it takes for security fixes to be released to users. In a statement, the FCC said:
Consumers may be left unprotected, for long periods of time or even indefinitely, by any delays in patching vulnerabilities once they are discovered. To date, operating system providers, original equipment manufacturers, and mobile service providers have responded to address vulnerabilities as they arise. There are, however, significant delays in delivering patches to actual devices—and that older devices may never be patched.
The FCC and FTC have sent letters to mobile carriers and eight mobile device manufacturers to ask them how they screen and release security updates for mobile devices.
A FCC representative told Bloomberg that the carriers are AT&T, Verizon*, T-Mobile, Sprint, U.S. Cellular Corp., and TracFone Wireless. The eight device makers are Apple, Google, BlackBerry, HTC America, LG Electronics USA, Microsoft, Motorola Mobility, and Samsung Electronics America.
Each company was asked to list all devices they have offered for sale in the U.S. since August 2013, what security flaws are associated with them, and if fixes have been distributed to users.
The FCC’s statement specifically mentioned Stagefright, an Android bug discovered by security researchers last year, as an example of the “growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device.”
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
Stagefright was especially alarming because it allowed hackers to override Android security with a modified video message, giving them almost complete access to a device’s storage, camera, and microphone. Furthermore, it took several security patch releases to deal with Stagefright and its successor, Stagefright 2.0.
*Verizon owns AOL, which in turn owns TechCrunch
