There’s A Security Bug On 60% Of Android Phones — And Google Won’t Fix It

There’s A Security Bug On 60% Of Android Phones — And Google Won’t Fix It

A security researcher has discovered a serious bug in the WebView component of Android 4.3 and below that could open up phones to malicious hackers. But Google is doing nothing about it.

The bug, discovered by Tod Beardsley from Rapid, is found in an older piece of Android software that allows apps to view web pages without launching a separate piece of software. The problem is that the piece of software is baked directly into the OS itself, and patches aren’t usually built for older versions of Android. As Google explained to

Beardsley:

If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.

That’s perhaps understandable, but it does leave 60 per cent of Android devices vulnerable Even if Google did write a patch, the onus would fall on OEMs and carriers to issue it over-the-air. So, good luck with that.

In more recent versions of Android the bug isn’t present, because the functionality that can be exploited is now rolled into the the Google Play Services app. That allows updates to be made via the Play Store — a much easier process that sending over-the-air updates for an OS.

Perhaps unsurprisingly, Beardsley has called for Google to reconsider in this case — though it seems unlikely he’ll succeed in convincing it. [Ars Technica via Engadget]

Picture: Uncalno Tekno/Flickr


The Cheapest NBN 50 Plans

It’s the most popular NBN speed in Australia for a reason. Here are the cheapest plans available.

At Gizmodo, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.