The American Civil Liberties Union has filed a complaint with the Federal Trade Commission that accuses big phone carriers of leaving millions of Android phone users vulnerable to cyber-attacks and hacking.  

They claim wireless carriers such as Verizon Wireless, AT&T, T-Mobile, and Sprint Nextel have totally failed to fix gaping security flaws in the Android platform fast enough - even when they could have done so. They called for feds to allow customers to switch their plans without penalties and receive refunds.

The ACLU asked the FTC to investigate business practices that were "unfair and deceptive" because of their "failure to provide available security patches" in a claim filed on Wednesday. The claim also states that they didn't inform customers that their phones were vulnerable to attack.

Apple's iPhone is updated much more regularly, because Apple itself distributes software updates to its phones. But Android users can't get an update without using their carrier's server as a go-between - and this can take a year or even more.

The ACLU's complaint claims "A significant number" of Android users are also using "system[s] with known, exploitable security vulnerabilities for which fixes have been published by Google, but have not been distributed to consumers' smartphones by the wireless carriers" and that the carriers "refuse to transmit existing software security fixes to phones in a timely manner, according to a security researcher."

A recent study showed that nearly half of Android users had vulnerabilities on their devices-even though there were patches in place for them already.

Security researcher Chris Soghoian wrote in a blog post that the market has "failed to deliver" and that "Federal regulators should step in and protect consumers...If the mobile carriers are not going to provide important security updates, the FTC should at a minimum force them to provide device refunds to consumers and allow consumers to terminate their contracts without penalty so that they can switch to a provider who will."

In a separate study, researchers found that a high number of Android apps may have security flaws that could expose private information. Scientists at the University of California-Davis say they collected data on 120,000 free apps and many were vulnerable because code that should have been hidden was public. This could leave consumers vulnerable to exposure of private information or to fraudulent messages being posted from their accounts. Some of the most problematic were popular messaging apps.