When phone makers find a flaw that makes a phone vulnerable to hackers, are they doing enough to inform consumers? Perhaps not. On Monday, two federal agencies announced investigations into how the mobile industry is reacting to such threats.
In a press release, the Federal Trade Commission said it is asking information from Apple (AAPL), Google (GOOG), Microsoft (MSFT) and five other companies about how and when they “patch” software vulnerabilities. The Federal Communications Commission is pursuing a parallel investigation.
Sign up for Data Sheet, Fortune‘s technology newsletter.
“There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device,” said the FCC’s version of the release, citing a threat called “Stagefright” that may affect one billion Android devices worldwide.
For consumers, these mobile vulnerabilities pose the same sort of danger as a virus on a home computer. In the worst case, a hacker could steal content from the phone or hack its messaging systems.
To address such risks, mobile companies send out software updates that close the door to potential hacks. In launching the investigations, the agencies appear to be looking at whether the companies are doing so quickly enough. While the existence of a software threat does not necessarily mean hackers have exploited it, the risk escalates the longer the company fails to send out a patch.
The issue is not a new one. In 2013, the ACLU filed a complaint with the Federal Trade Commission, claiming major wireless carriers were committing a deceptive trade practice by failing to warn consumers about vulnerabilities.
For more about cybersecurity, watch:
In the event the agencies find the mobile phone companies have acted improperly, they could impose fines or orders that require the companies to change their practices.
The average consumer, meanwhile, must simply hope for the best, and that the companies address the vulnerabilities before hackers do. Consumers can also help themselves by keeping their operating system up to date.
The full list of companies receiving orders from the FTC are Apple, Blackberry, Google, HTC America, LG Electronics USA, Microsoft, Motorola Mobility, and Samsung Electronics America.