Companies blur lines over who owns devices

Samsung said there are more than 120,000 unreturned Note 7 phones that were put out of action by over-the-air software ...

Samsung said there are more than 120,000 unreturned Note 7 phones that were put out of action by over-the-air software updates or by telecom operators barring them from their networks.

When Samsung remotely disabled the last of its flawed Galaxy Note 7 smartphones last month, it further blurred the lines between who ultimately controls your phone, or computer, car or appliance: you, or the companies that make it work?

Industry executives and analysts say companies are exerting greater remote control over their devices - changing how and whether they work, removing or adding software and content, or collecting personal data from them - not always with permission or with the user's best interests at heart.

"(The Samsung case) is exactly an example of how devices ... are no longer objects we own, but rather services we've subscribed to and which can be revoked at a moment's notice," said Stefano Zanero, an Italian computer security expert.

Mahbubul Alam, chief technology officer at Movimento, says manufacturers have moved on from just selling a device and hoping there's no recall to a world where they are in touch with users through internet-connected devices that they can "change, modify, adjust" as they see fit.

"With power comes responsibility," he adds. "It's a new power that the device manufacturers and telcos have. How they exercise their responsibility is very important."

In another example, HP last year used a software update to prevent unauthorised cartridges being used with some of its printers. After some users complained, HP offered an optional update. HP did not respond to requests for comment.

In other cases, manufacturers use so-called firmware updates to stop people using their devices in ways they don't want.

Apple, for example, routinely upgrades the firmware on iPhones to outwit users' attempts to open up the software to unapproved apps and functions - dubbed jailbreaking - said Bunnie Huang, a hardware entrepreneur.


Bryan Hale of, which distributes software updates to connected devices, says gadget makers increasingly realise that connected products are only as good as the software on them.

Ad Feedback

That means they can't afford not to figure out how to update that software. Hacking attacks on appliances like CCTV and webcams highlight the pitfalls of not keeping devices updated.

At the other extreme, some companies see this channel to the device as a marketing opportunity, using over-the-air updates to collect user information and push services and apps on to their devices.

In the United States, Chinese firm Shanghai ADUPS Technology faces two class-action suits after a security company found it installed software on thousands of mobile devices that collected data without users' permission.

Whatever the motivation, companies see advantages in being able to retain some degree of remote control.

Not least, manufacturers can reduce the costs of service centres and staff, said Emma Wright, UK-based commercial technology partner at law firm Kemp Little. "This ... is an extremely useful way of providing updates on devices without users having to take it in to a store."


This, in turn, raises the issue of privacy.

European Union law, Sena says, will be more stringent on data protection, and will effectively mean "if I own a device, what happens with that device is up to me".

So far, he says, companies like Tesla in autos and consumer players have operated in a grey area that sometimes helps the consumer, and sometimes doesn't.

But there are signs that is changing.

The US Federal Trade Commission this week settled with Vizio, a US-based appliance maker being acquired by Chinese conglomerate LeEco, over software that automatically collected data on viewing habits from its smart TVs. As part of the settlement, Vizio agreed to ensure it makes clear to users what data it wants to collect, and seek their approval.

More regulation from government is likely.

"What's needed here is oversight," said Bryce Boland, Asia-Pacific chief technology officer at FireEye, an internet security company.

"Some cases may be legitimate, such as devices that need to be modified to prevent forest fires or human deaths; others might be more difficult to assess." 

 - Reuters


Ad Feedback
special offers
Ad Feedback