Google will not repair a safety bug that is in virtually a billion Android telephones

Google won't fix a security bug that's in almost a billion Android phones

A day after Google publicized a flaw in Home windows eight.1 earlier than Microsoft might do something about it, information broke a few safety vulnerability in Android that the Mountain View firm, properly, will not repair in any respect. Tod Beardsley, an analyst from Rapid7, a safety knowledge and analytics agency, discovered a critical bug within the WebView element of Android four.three and under (it is an older little bit of software program that lets apps view webpages with out launching a separate app) that probably opens up affected telephones to malicious hackers. Android four.four and are unaffected by the bug, however as 60 % of Android customers — that is near a billion individuals — nonetheless use Android four.three or decrease, it nonetheless impacts so much of individuals. Sadly, as Beardsley came upon, Google will not repair it, leaving it as much as the varied OEMs and producers to situation a patch as an alternative.

The quote from Google to Beardsley is as follows:

If the affected model [of WebView] is earlier than four.four, we usually don’t develop the patches ourselves, however welcome patches with the report for consideration. Aside from notifying OEMs, we will be unable to take motion on any report that affects variations earlier than four.four that aren’t accompanied with a patch.

In line with Beardsley, it appears that evidently Jelly Bean units are just too previous to help — supporting previous software program variations is pretty uncommon, in any case. However on this case, he asks Google to rethink, because of the wider penalties this safety flaw might probably unravel. Till then, nevertheless, it may be a good suggestion to improve to Android four.four, or maybe get a brand new telephone altogether.

[Image credit: Phillip Bond / Alamy]

By way of: ArsTechnica

Supply: Rapid7

Tags: android, bug, flaw, google, safety

 Disguise Feedback zeroFeedback