The Federal Communications Commission today announced an inquiry into mobile device security in partnership with the Federal Trade Commission. The inquiry is centered on how phone makers review and release security updates, and the FCC has sent a letter to mobile carriers — including AT&T, Sprint, and Verizon — asking questions about that process. As part of the investigation, the FTC has also asked eight mobile manufacturers to inform the agencies about the state of smartphone and tablet vulnerabilities and the process for patching them.

This isn't the first time the FCC has honed in on smartphone security. The agency released an "online security checker" in 2012 for consumers to get tips to improve security based on their mobile OS. In a press release, the FCC says, "There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device."

The FCC is worried about OS-wide bugs like Android's Stagefright

The FCC mentions one such bug, called Stagefright, that was discovered first in July and allows attackers to target Android phones via text message. Because nearly every Android phone contains some process for previewing links or files sent via text or MMS, more than 1 billion users are potentially vulnerable. Even after several patches from all parties in the mobile phone business, the bug continues to be exploited in unique ways. Google released an Android update in November patching a number of vulnerabilities, including Stagefright-related ones, but it's unclear when every handset will receive it.

That lack of consistency worries both the FCC and FTC. The release lays out the main concerns for how these patches are handled both by OS makers like Google, phone makers like LG, and carriers like AT&T: