Not fixing Android bug affects 930 million users
January 27, 2015 Leave a comment
Recently a security issue came up that is affecting about 60% of Android OS users [or about 930 million users] worldwide.
Google has decided not to fix the WebView bug in Android versions before 4.4 because of the “complexity” in doing so.
A lead engineer for Android security revealed the decision was due to the complexity of applying patches to older branches of WebKit – the browser engine that was used in WebView and Chrome until Google forked WebKit into Blink for Chrome. To start off with, WebKit alone is over five million lines of code and hundreds of developers are adding thousands of new commits every month.
But this is the same company that “stung” both Apple and Microsoft [and probably others] by revealing vulnerabilities before they could be fixed. I am wondering what Google would have replied with if Apple or Microsoft revealed the bug before that did.
That said, Google has already announced that by not fixing this issue, 930 million users will be vulnerable.
For those running older versions of the OS, I wonder if this will speed up the process for those phones to be upgraded to a newer version of the OS. Problem is that it is usually the phone’s carrier that decides when an upgrade can be done because of the carrier’s own tweaking of the OS.
In comparison, with Windows, manufacturers are expected to support the latest service pack, updates, etc. They are also required to keep their own software updated to work with the newer updates.
Google is suggesting that if you have an affected OS is not to use the built in web browser but one that is getting updated like Firefox or Chrome.
If you are stuck at 4.3 or slightly before, complain to your carrier.
Can the built in browser be disabled or uninstalled?
[My phone is using OS 4.4.2 and still waiting for them to go to either 4.4.3 or 4.4.4 or maybe even 5.0 like some US carriers have done for the same model. But other than a security updated last fall, there has been nothing.]