Google won’t fix security bug in nearly a billion Android phones, hopes users will solve it
Problem hits those using older versions of Android — but that’s most people
A security bug affecting a billion phones running Android will not be fixed because the software is too old.
There is a serious flaw in WebView, the piece of software that Android used to render webpages up until KitKat (version 4.4). The flaw was found by security analyst Tod Beardsley. But because the software is old, Google will not be developing a fix for the problem.
Instead, makers of phones or others will be expected to create patches that will stop the bug.
“If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration,” the Android security team told Beardsley. “Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.”
Google says that devices running older versions of Android, such as Jelly Bean, are now too old for it to continue supporting them. Beardsley points out that many other software companies drop support for older software, and the affected versions are two back from Lollipop, the current release.
But Android phones are notoriously slow to get updated, and many manufacturers are still shipping out older versions of the operating system.
The current release, Lollipop, accounts for only 0.1% of the market according to Google’s Android Developer Dashboard, and more than 60% of devices are running the vulnerable software.
That means that over 930 million Android phones have the problem and will not be able to get it fixed, according to Beardsley.