The Federal Trade Commission (FTC) “is seeking to compile data concerning policies, procedures, and practices for providing security updates to mobile devices offered by unnamed persons, partnerships, corporations, or others in the United States.” The May 6, 2016 FTC Order requested that “Apple, Inc.; Blackberry Corp.; Google, Inc.; HTC America, Inc.; LG Electronics USA, Inc.; Microsoft Corp.; Motorola Mobility, LLC; and Samsung Electronics America, Inc.” provide the following:
Section 3i Security Update Processes in the Order also includes a requirement about software licensing including the following
i. Licensing terms or other contractual obligations that require the device manufacturer or any other entities to develop, test, or deploy security updates
ii. Communication of vulnerability information to device manufacturers or other entities involved in the development, testing, or deployment of security updates;
iii. Development support (e.g., software code, instructions, or other information or material) the Company provides for the development, testing, or deployment of security updates; and
iv. Any other assistance the Company provides to address security vulnerabilities in such device software.
After the FTC gets this information it will be interesting to see what happens next.