Federal Communications Commission
Washington, D.C. 20554

May 9, 2016

Dear [Carrier],

As you know, one of the Commission’s top priorities is the promotion of safety and security of communications. This is a priority that is shared by our colleagues at the Federal Trade Commission (FTC). As our nation’s consumers and businesses turn to mobile broadband to conduct ever more of their daily activities, from the most sensitive to the most trivial, the safety and security of their communications and other personal information is directly related to the security of the devices they use.

There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device and all the personal, sensitive data on it. One of the most significant to date is a vulnerability in the Android component called “Stagefright.” It may have the ability to affect close to 1 billion Android devices around the world. And there are many other vulnerabilities that could do just as much harm.

Consumers may be left unprotected, for long periods of time or even indefinitely, by any delays in patching vulnerabilities once they are discovered. Therefore, we appreciate efforts made by operating system providers, original equipment manufacturers, and mobile service providers to respond quickly to address vulnerabilities as they arise. We are concerned, however, that there are significant delays in delivering patches to actual devices—and that older devices may never be patched.

In partnership with the FTC, we have launched a joint effort to better understand, and ultimately to improve, the mobile security “ecosystem.” The FCC is contacting the service provider community to better understand the role that they play in ensuring the security of mobile devices. The FTC is separately seeking information from operating system providers and original equipment manufacturers.
We hope that the efforts of our two agencies will lead to a greater understanding of what is being done today to address mobile device vulnerabilities—and what can be done to improve mobile device consumer safety and security in the future.

As a first step, I request that you provide us with your detailed responses within forty-five (45) days of the date of this letter. If you request confidential treatment for your responses, your responses will be treated confidentially (see 47 CFR § 0.459(d)(3)) but please be aware that we intend to share all responses with the FTC, as we are permitted to do pursuant to 44 U.S.C. § 3510, and we ask that you state in your response, pursuant to 47 CFR § 0.442, that you do not oppose such disclosure.

Once we receive your responses, we look forward to meeting with your representatives to review your answers and learn your perspectives on possible next steps.

Should you have any questions, please feel free to contact Charles Mathias on my staff. Thank you in advance for help in this important undertaking.

Sincerely,

Jon Wilkins, Chief
Wireless Telecommunications Bureau
Federal Communications Commission