This doesn't surprise me, though.
The majority of manufacturers fail to deliver software updates for old devices for years.
However, the consumer protection watchdog in The Netherlands, The Dutch Consumentenbond, filed a lawsuit against Samsung, due to the manufacturer's grip over the local market compared to other manufacturers.
Last year, the discovery of the scary Stagefright Security Bug, which affected over 1 Billion Android devices worldwide, forced Samsung to implement a security update process that "fast tracks the security patches over the air when security vulnerabilities are uncovered a security update process that "fast tracks the security patches over the air when security vulnerabilities are uncovered," and that the security updates will occur once per month.
However, the watchdog also blames Korean OEM Samsung for not being transparent regarding the critical security updates, like the update to fix Stagefright exploits, that are necessary to "protect [its] consumers from cyber criminals and the loss of their personal data."
Majority of Samsung Handsets Vulnerable to Issues
According to DCA's own research, at least 82 percent of Samsung smartphones available in the Dutch market examined had not received any software updates on the latest Android version in two years.
🔐 Mastering API Security: Understanding Your True Attack Surface
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!Join the Session
This failure in providing the software updates left the majority of Android devices vulnerable to issues on security and others.
The DCA says that the agency has previously contacted Samsung many times and discussed the matter privately with the manufacturer giant to resolve the situation, but it failed to reach an agreement with the company, and so it decided to go to court.
At this point, I should mention that these are entirely valid claims.
Like most other manufacturers, Samsung doesn't provide timely software updates to its devices.
No doubt, the Samsung Galaxy S6 series have received Stagefright patches on time, but the manufacturer failed to provide Stagefright fixes for its majority of midrange and entry-level Android devices.
Furthermore, none of Samsung's devices currently runs the latest Android 6.0 Marshmallow, three months after it officially launched.
DCA's Demands from Samsung
The agency has requested the manufacturer to update all of its smartphone devices to the latest version of Android operating system for two years since the handset is purchased (not launched).
In some ways, the agency wants Samsung to treat software updates as part of the warranty that has its length mandated at two years in the European Union.
"[We are] demanding that Samsung provides its customers with clear and unambiguous information about this," The DCA writes. "Also, [we are] demanding that Samsung actually provides its smartphones with updates."
Response by Samsung
In response to the lawsuit, Samsung released an official statement saying the company was working on improving its updates on software and security.
"We have made a number of commitments in recent months to better inform consumers about the status of security issues, and the measures we are taking to address those issues," reads the statement.
"Data security is a top priority and we work hard every day to ensure that the devices we sell and the information contained on those devices are is safeguarded."