A new Android bug is exposing around one billion devices due to a security vulnerability. This bug only affects phones and tablets that are running versions of Android that are older than 4.4 Kit Kat, which is just under one billion devices in total.
The vulnerability was spotted by security expert, Tod Beardsley, an analyst who explained that the issue can be found in Android WebView. This old software allows apps to show web pages without having to open up a different application. This software was replaced in Android KitKat but those running Jelly Bean or older might not be getting a fix.
It doesn't sound like Google itself is going to fix the problem either. Beardsley flagged up the bug with Google, who responded by saying: “If the affected version of WebView is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.”
Google's Android updates are often heavily fragmented so there are many devices out there running old versions of Android, with around 60 per cent of devices running Jelly Bean or older. Even Google's newer updates often have a slow adoption rate, with less than 1 per cent of devices currently running Android 5.0 Lollipop.
Discuss on our Facebook page, HERE.
KitGuru Says: So from the sounds of it, Google is open to someone else patching the problem for them but it won't be going out of its way to do it on its own. Unfortunately, now that this vulnerability is public knowledge, we may see some dodgy applications pop up, which take advantage.
Not going to fix it themselves… This coming from the same company who recently revealed a windows vulnerability and criticised Microsoft for not patching it… hypocrite