The complaint charged HTC with a number of poor security practices, such as an inadequate program for assessing the security of products before they are shipped to consumers. In addition, the company was charged with failing to provide engineering staff with adequate training in security and privacy.
Other failings included not testing devices for security flaws and having no process in place for receiving and addressing vulnerabilities found by third-party researchers and academics.
The FTC does not discuss ongoing investigations, so whether it is investigating other mobile device manufacturers is not known. Nevertheless, Android smartphone and tablet makers have been criticized for years for shipping millions of devices with older versions of Android and then failing to distribute updates and security patches quickly.
Meanwhile, the number of Android malware is rising substantially faster than any other Internet-delivered malicious app, according to Cisco's recent 2 013 Annual Security Report. At the same time, cybercriminals are building better tools for exploiting vulnerabilities.
In October, the FBI warned that FinFisher, commercial spyware sold to law enforcement and governments, had been modified to steal personal data from Android phones.
Sign up for Computerworld eNewsletters.