Smartphones: Can a Retailer Be Forced to Report Security Breaches and Insecure Applications? No, at least that’s what the German courts say.
Smartphones cost ten cents a dozen today, and Android devices from Asia, in particular, can hardly be brought into an overview. The largest and smallest brands sell their smartphones in German outlets at rock-bottom prices. Most of the time, it’s about making money as easily as possible. Logical, like so many. But often that is the only reason. It is not important to retain customers and certainly not to keep products sold for a long time. A problem, at least for customers.
From time to time products end up in stores that, in addition to an too old version of Android, could also have one or another dubious app. In the end, the question arose as to whether the retailer should or should better notify its customers of any issues. No, says OLG Cologne. Previous test purchases in which insecure devices repeatedly “went online” led to a lawsuit.
Notes on Security Breaches – Unreasonable Effort for Retailers
It represents an unreasonable effort for the defendant (reseller) to obtain information about the security breaches for each individual model of smartphone that it offers. It is true that the information about the existence of security breaches is of great importance for consumers, since this would violate the privacy of consumers and the data obtained could be misused for fraudulent purposes. However, it should also be noted that the defendant can only determine the security breaches through tests, which must be related to the respective type of smartphone. Nor is it possible to determine all existing security gaps.
Even OS vendors and app store operators can’t guarantee to rule out security breaches and harmful apps, how can a retailer do that?