Google Leaves 939 Million Android Users Without A Security Patch

The new update policy is to blame, but we cannot blame Google either.


Google’s refusal to patch up a WebView tool seems to be leaving quite a number of Android smartphone users vulnerable to a malicious attack. Google currently supports WebView in Android 4.4 KitKat and 5.0 Lollipop and states that it will not head back to older software and add a security patch for the same.

Security research publication Rapid7 picked up the issue. Rapid7 engineering manager Tod Beardsley told Forbes, "It's also the favoured vector for attack for nearly any remote code execution vulnerability in the mobile OS. WebView, for many, many attackers, is Android, just as Internet Explorer [Microsoft's browser] is usually the best vector for attackers who want to compromise Windows client desktops."

For those who love blaming Google, it clearly seems to be something that the manufacturers can fix and the search giant agrees with the same. It states that manufacturers who use that old version of Android on their smartphones can deliver a patch for the same and Google will consider those.

On the other hand the number of users on the older software is in millions and while they are not aware of it, they are at risk.

While we would love to bash Google on this topic, it is indeed manufacturers who are responsible for not upgrading their smartphones to the latest firmware. In an ideal situation, OEMs should refresh their handsets with at least Android 4.4 provided they plan to support it. It is something similar like blaming Windows for bugs in Windows 98, when you haven’t upgraded to the latest version.

Source 1, Source 2

TAGS: Software, Android, Mobile Phones, Tablets, Google