Who really controls your phone, or computer, car or appliance? You, or the companies that make them?
When Samsung Electronics remotely disabled the last of its flawed Galaxy Note 7 smartphones last month, it further blurred the lines between who ultimately controls your phone, or computer, car or appliance: you, or the companies that make it work?
Industry executives and analysts say companies are exerting greater remote control over their devices – changing how and whether they work, removing or adding software and content, or collecting personal data from them – not always with permission or with the user’s best interests at heart.
“The Samsung case is exactly an example of how devices … are no longer objects we own, but rather services we’ve subscribed to and which can be revoked at a moment’s notice,” said Stefano Zanero, an Italian computer security expert.
Mahbubul Alam, chief technology officer at Movimento, a car tech firm now owned by Delphi Automotive, says manufacturers have moved on from just selling a device and hoping there’s no recall to a world where they are in touch with users through internet-connected devices that they can “change, modify, adjust” as they see fit.
“With power comes responsibility,” he adds. “It’s a new power that the device manufacturers and telcos have. How they exercise their responsibility is very important.”
Samsung said it retrieved 96% of the more than three million Note 7s it had sold and activated. That left more than 120,000 unreturned phones that were put out of action by over-the-air software updates or by telecom operators barring them from their networks.
“We assume the majority of unreturned devices are not actually used,” said a spokesperson for the South Korean firm.
In another example, HP Inc last year used a software update to prevent unauthorised cartridges being used with some of its printers. After some users complained, HP offered an optional update. HP did not respond to requests for comment.
In other cases, manufacturers use so-called firmware updates to stop people using their devices in ways they don’t want.
Apple, for example, routinely upgrades the firmware on iPhones to outwit users’ attempts to open up the software to unapproved apps and functions – dubbed jailbreaking – said Bunnie Huang, a hardware entrepreneur.
Bryan Hale of Resin.io, which distributes software updates to connected devices, says gadget makers increasingly realise that connected products are only as good as the software on them. That means they can’t afford not to figure out how to update that software. Hacking attacks on appliances like CCTV and webcams highlight the pitfalls of not keeping devices updated.
At the other extreme, some companies see this channel to the device as a marketing opportunity, using over-the-air updates to collect user information and push services and apps on to their devices.
In the United States, Chinese firm Shanghai ADUPS Technology faces two class-action suits after a security company found it installed software on thousands of mobile devices that collected data without users’ permission. One suit alleges the software “could also remotely reprogram the devices and install applications on consumers’ phones without their knowledge or consent.”
ADUPS Technology did not respond to requests for comment.
Whatever the motivation, companies see advantages in being able to retain some degree of remote control.
Not least, manufacturers can reduce the costs of service centres and staff, said Emma Wright, UK-based commercial technology partner at law firm Kemp Little. “This … is an extremely useful way of providing updates on devices without users having to take it in to a store.”
Samsung could have saved itself a lot of trouble, says Julie Purves, CEO of UK-based remote management software company B2M Solutions, if it had exerted even greater remote control. Smart batteries, she says, would have allowed her software to remotely detect and report on abnormal behaviour. Samsung’s battery issue, she says, could have been “identified much sooner and potentially prevented altogether if spotted and addressed early enough.”
This approach is also slowly transforming the automotive world, where nearly a third of users never respond to a product recall, says Alam at Movimento.
Consultant Michael Sena says the economics of the car industry are not unlike those of the mobile sector, and car companies are coming to terms with the changes wrought by Tesla, which pushes updates and features to its cars wirelessly, removing the need for dealers.
This, in turn, raises the issue of privacy.
European Union law, Sena says, will next year be more stringent on data protection, and will effectively mean “if I own a device, what happens with that device is up to me.”
So far, he says, companies like Tesla in autos and consumer players have operated in a grey area that sometimes helps the consumer, and sometimes doesn’t.
But there are signs that is changing.
The U.S. Federal Trade Commission this week settled with Vizio, a U.S.-based appliance maker being acquired by Chinese conglomerate LeEco, over software that automatically collected data on viewing habits from its smart TVs. As part of the settlement, Vizio agreed to ensure it makes clear to users what data it wants to collect, and seek their approval.
More regulation from government is likely.
“What’s needed here is oversight,” said Bryce Boland, Asia-Pacific chief technology officer at FireEye, an internet security company.
“Some cases may be legitimate, such as devices that need to be modified to prevent forest fires or human deaths; others might be more difficult to assess.”