Petition Closed

EE UK please start releasing Android security updates

This petition had 705 supporters


EE currently say they offer the fastest mobile network in the whole of the UK.

Currently they do not seem to offer security updates to many Android handsets (such as the Samsung Galaxy S6 & S6 Edge) in a timely manner which means there are many devices with vulnerabilities active on the EE network.

Google release monthly Android updates which the manufacturers and phone network providers should then test with their customizations and then release to the public once all is approved.

You can easily see the differences between releases on BTU (Unlocked) to EVR (EE custom firmware) here:

http://www.sammobile.com/firmwares/database/SM-G920F/BTU/

http://www.sammobile.com/firmwares/database/SM-G920F/EVR/

You can see that EE are currently 5 months worth of security updates behind and counting.

EE would be much better taking a proactive view to security rather than just burying their heads in the sand and waiting for something to affect their users or network and then taking a knee jerk reaction.

Currently features such as WiFi Calling are only available when you use the EE branded firmware (EVR) which means you either make the decision of getting useful features you have paid for while having an unsecured device or moving to the BTU firmware and being more secured handset wise but unable to use WiFi Calling.

To compound the issue newer versions of the bootloader on the Galaxy S6 prevent downgrades which means if you are running an up-to-date version of BTU you cannot install the EE EVR firmware as it is blocked by the bootloader, even if Samsung service tools like Odin are used. If custom bootloaders are used then you will void the warranty, and enabling something as simple as WiFi Calling should not be putting end users in that position.

The recent issues with TalkTalk where users had details leaked and then were knocked off the network shows the bad press security issues can cause.

Threads such as this over on the EE forums show a very lax view towards security:

https://community.ee.co.uk/t5/Android/Samsung-S6-security-updates/td-p/420515

Detailed messages to the EE CEO, Marc Allera are currently ignored and social media messages result in similar to the below:

"We work hand-in-hand with device manufacturers to ensure that all updates are delivered to you as quickly as they possibly can be. We’ll never release an update until we’re completely satisfied that it meets our high standards; on some occasions we’d rather take a little extra time to make sure the update is as polished as you’d expect from the UK’s biggest & fastest 4G network.
CT""

All the other UK networks are able to get the updates out each month apart from EE who seem to work on a slower than 6 month cycle. 

This petition is to try and get some traction to persuade EE to understand security should be taken seriously. Currently their customers are potentially more and more at risk of infection with each month that passes without security updates being issued. 

If EE truly are the fastest network in the UK then imagine the impact a DDoS could have when initiated from infected nodes active on their network.



Today: Aidan is counting on you

Aidan P. needs your help with “EE UK please start releasing Android security updates”. Join Aidan and 704 supporters today.