On May 9, 2016, the Federal Trade Commission announced it had issued Orders to File a Special Report (“Orders”) to eight mobile device manufacturers requiring them to, for purposes of the FTC’s ongoing study of the mobile ecosystem, provide the FTC with “information about how [the companies] issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices.” The FTC’s authority to issue such Orders comes from Section 6(b) of the FTC Act.

The following companies are receiving the orders:

  • Apple, Inc.;
  • Blackberry Corp.;
  • Google, Inc.;
  • HTC America, Inc.;
  • LG Electronics USA, Inc.;
  • Microsoft Corp.;
  • Motorola Mobility, LLC; and
  • Samsung Electronics America, Inc.

Among other details, the Orders require the relevant companies to provide information regarding:

  • factors the companies consider in deciding whether to patch a vulnerability on a particular mobile device;
  • any written policies, contracts, testing or certification documentation the companies maintain regarding mobile device security;
  • disclosures the companies have made to consumers regarding mobile device security updates;
  • (1) detailed data on the specific mobile devices the companies have offered for sale to consumers since August 2013; (2) the vulnerabilities that have affected those devices; and (3) whether and when the companies patched such vulnerabilities.

The companies must file their responses within 45 days from the date of service of the Orders.