Using the CGA to get Android updates in a timely manner

Forums › Android › Using the CGA to get Android updates in a timely manner

karit

84 posts

Master Geek

#109230 15-Sep-2012 11:15

We all know that Manufacturers and CellCos are very slow at updating Android (if they update at all). The updates in addition to adding features these updates also include security updates. Recent news shows that 50% of Android devices have known unpatched vulnerabilities (http://news.cnet.com/8301-1009_3-57512467-83/report-half-of-android-devices-have-unpatched-holes/).

This got me thinking NZ has the Consumer Guarantees Act. Which does say something along the lines of if there is a fault in the product you have purchased the versatile either has to fix it (which they can only do by providing the latest Android update) or to replace (which will only help if it is brand spanking new phone model) or provide you with a refund. Consumer Magazine says that the expected life span of a phone is five years (http://www.consumer.org.nz/reports/appliance-life-expectancy/lifespan-electronics) and they a respected independent body for providing the expected life span for the use in the CGA.

There is a app http://www.xray.io/ which will identify currently eight different privilege escalation vulnerabilities on Android phones (there are more security than this and the default release notes seem to always say security fixes). This app would provide a easy way to walk into a store and show someone in a repeatable way the (security) fault with your phone. So I was wondering if anyone had all ready tried this method and what success that had?

I got my current phone from a NZ Online retailer, so I will be writing them up an email soon. I am just going down the security update path because they are faults in the product. Feature updates you can't really define as a fault, so leaving those to the side and focusing on the security ones.

1 | 2 | 3 | 4 | 5 | 6

28948 posts

Uber Geek

Moderator

Trusted

Biddle Corp

Lifetime subscriber

#686366 15-Sep-2012 11:19

So what is the fault with your handset?

johnr

19282 posts

Uber Geek
Inactive user

#686367 15-Sep-2012 11:22

CGA for Android updates / security updates you have to be kidding me? Have you actually read the CGA and understood it?

John

nakedmolerat

4553 posts

Uber Geek

Trusted

Lifetime subscriber

#686371 15-Sep-2012 11:31

sbiddle: So what is the fault with your handset?

i guess he is trying to say that the software on the phone is 'faulty'.

sbiddle

28948 posts

Uber Geek

Moderator

Trusted

Biddle Corp

Lifetime subscriber

#686374 15-Sep-2012 11:38

nakedmolerat:
sbiddle: So what is the fault with your handset?

i guess he is trying to say that the software on the phone is 'faulty'.

Software has been covered by the CGA since 2002 with case law already in existance. The problem is the same wording used for phyical items can't necessarily be applied to software.

Good luck to the OP if you want to try..

karit

84 posts

Master Geek

#686375 15-Sep-2012 11:40

sbiddle: So what is the fault with your handset?

The fault with the phone is that it has security vulnerabilities. There are fixes for these security "faults" yet they are not forthcoming with these fixes.

sbiddle

28948 posts

Uber Geek

Moderator

Trusted

Biddle Corp

Lifetime subscriber

#686376 15-Sep-2012 11:43

karit:
sbiddle: So what is the fault with your handset?

The fault with the phone is that it has security vulnerabilities. There are fixes for these security "faults" yet they are not forthcoming with these fixes.

Have you read any of the case law surrounding the CGA and software? My feeling right now is that you haven't.

johnr

19282 posts

Uber Geek
Inactive user

#686377 15-Sep-2012 11:49

Does your phone Boot up? Can you send SMS? Can you make calls?

Please tell us the actual fault with the handset?

karit

84 posts

Master Geek

#686379 15-Sep-2012 11:54

johnr: CGA for Android updates / security updates you have to be kidding me? Have you actually read the CGA and understood it?

John

Yes

6 Guarantee as to acceptable quality
(1)Subject to section 41, where goods are supplied to a consumer there is a guarantee that the goods are of acceptable quality.

7 Meaning of acceptable quality
(1) For the purposes of section 6, goods are of acceptable quality if they are as
(c) free from minor defects

If it is free of minor defect I guess it also needs to be free of major defects. Is a phone that has a known security defect with a known fix that isn't being provided a product of acceptable quality? So shouldn't it be fixed by applying the update?

johnr

19282 posts

Uber Geek
Inactive user

#686381 15-Sep-2012 12:00

" Manufacturing defects "

karit

84 posts

Master Geek

#686383 15-Sep-2012 12:03

johnr: Does your phone Boot up? Can you send SMS? Can you make calls?

Please tell us the actual fault with the handset?

Using http://www.xray.io/ I know that my phone is susceptible to http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3874 I'm sure If I dug more I could find more unpatched security defects.

blair003

553 posts

Ultimate Geek

#686387 15-Sep-2012 12:13

I don't know any CGA case law but I think it's a pretty novel idea and on the face of it its not as ridiculous as some are making out. Let's assume for a moment you had a case under the CGA (others are saying you don't, they could be right and I have no idea)

If you had a valid case the main problem I see is that it's not very practical to use the CGA to get OTA updates. The reason we are not getting timely updates from what I have been led to believe is because of the testing process the software updates must go through before telecom/vodafone will push them out.

AFAIK you normally complain to the retailer under the CGA. The retailer has no ability to "fix" the "problem" you are presenting to them (well they could root the phone and install the updated software, but that would probably void the warranty so its not really an option). So to get any action it would require enough of us going into retailers such that they made it an issue for the networks. I find it hard to see this happening as most people don't care.

You could complain to your local MP/government, but I am pretty sure telecom/vodafone will argue the delay is for QA testing they have do it to ensure there are no issues with the updated device on their network.

Kinda makes you glad the internet is currently open so we can connect whatever the hell we want.

karit

84 posts

Master Geek

#686388 15-Sep-2012 12:15

johnr: " Manufacturing defects "

Which section says "Manufacturing defects" as I can't that reference to the limitation of defect. The word defect in the defining aspect of the act seems to be only used section 7. Defect is used later but is the remedy type sections 19 and 20.

They do define manufacturer as

manufacturer means a person that carries on the business of
assembling, producing, or processing goods, and includes—
(a) any person that holds itself out to the public as the
manufacturer of the goods:
(b) any person that attaches its brand or mark or causes or
permits its brand or mark to be attached, to the goods:
(c) where goods are manufactured outside New Zealand
and the foreign manufacturer of the goods does not have
an ordinary place of business in New Zealand, a person
that imports or distributes those goods

And to me that isn't limiting to hard and soft aspects of a phone

Loismustdye

673 posts

Ultimate Geek

Trusted

#686389 15-Sep-2012 12:18

At risk of trolling, but couldn't pc manufacturers and so forth be held accountable as well (going by the OP original post) because you need to purchase/obtain antivirus software etc in order to make the product "safe" from intrusion because the computer manufacturer doesn't ensure the product they sell is safe?

Talkiet

4395 posts

Uber Geek

Trusted

#686390 15-Sep-2012 12:18

Just for a moment, consider what you are implying...

- Every single computer sold by a retailer with an OS now needs to be replaced.
- Every single GPS unit sold by a retailer now needs to be replaced.
- Every TV, every DVR, every piece of consumer electronics need to be replaced.

And once these items are replaced, the new replacements now themselves, need to be replaced.

And what about the case when your brand new replacement phone (or untested SW update) itself has a minor defect? That's right, it needs to be replaced. Oh, and then that one has to be replaced.

You probably see where I'm going with this.

Cheers - N

Please note all comments are the product of my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.

scuwp

3277 posts

Uber Geek

#686391 15-Sep-2012 12:21

Talkiet: Just for a moment, consider what you are implying...

- Every single computer sold by a retailer with an OS now needs to be replaced.
- Every single GPS unit sold by a retailer now needs to be replaced.
- Every TV, every DVR, every piece of consumer electronics need to be replaced.

And once these items are replaced, the new replacements now themselves, need to be replaced.

And what about the case when your brand new replacement phone (or untested SW update) itself has a minor defect? That's right, it needs to be replaced. Oh, and then that one has to be replaced.

You probably see where I'm going with this.

Cheers - N

This.

The idea is preposterous and is a slippery slope. If you want regular guaranteed updates then go buy an iPhone.

Always be yourself, unless you can be Batman, then always be the Batman

1 | 2 | 3 | 4 | 5 | 6