Google leaves most Android users exposed to hackers

Android logoPeople with Android smartphones and tablets running older versions of the mobile operating system -- around 60 percent of all Android users -- are going to have to live with a security flaw Google has decided not to fix.

A known security bug in the default, unbranded Web browser for Android 4.3 Jelly Bean and older versions of Google's mobile OS will go unpatched, Google's chief of security for Android wrote in a Google+ post on Friday.

"Keeping software up to date is one of the greatest challenges in security," Adrian Ludwig wrote. Because the browser app is based on a version of the WebKit browser engine that's now more than two years old, fixing the vulnerability in Android Jelly Bean and earlier versions is "no longer practical to do safely," he wrote.

Google confirmed on Saturday that Ludwig's post is the company's official position on the matter.

The company's decision has upset security experts, who worry hackers will be able to easily target the hundreds of millions of people using phones and tablets that run older versions of Android. Ludwig contends the number of people potentially affected by the vulnerability is "shrinking every day." But for security professionals, it's just not shrinking fast enough.

According to Google's own Android usage numbers, 39.1 percent of its smartphones and tablets run a newer, unaffected version of Android: 4.4 KitKat. The most recent version of the operating system, Android 5.0 Lollipop released in November, makes up less than one-tenth of 1 percent of Android devices in use. That means about 60 percent of Android devices run versions of the OS that included the susceptible browser by default.

The consequence of having so many people running so many different versions of the same operating system is that it becomes far more complicated to protect them, wrote Tod Beardsley, an engineering manager at security firm Rapid7. "Unfortunately, this is great news for criminals for the simple reason that, for real bad guys, pretty much everything is in scope," he wrote in a blog post.

Upgrading to a new Android phone or tablet isn't an option for many people, Beardsley said, because while the latest Nexus phone running the latest version of Android retails for $649.99, Amazon sells new, out-of-the-box Android phones running older versions of the operating system for one-tenth the price.

Ludwig recommends people on Android 4.3 or older use a different Web browser. He suggests Google Chrome, which works on Android 4.0 Ice Cream Sandwich and newer, or Mozilla Firefox, which works on Android 2.3 Gingerbread and newer. However, switching browsers won't fully address the flaw since it affects the part of the default browser that apps tap into to display websites. Ludwig asks app developers to restrict loading content in their apps that doesn't come from the Android device itself, or over a secure connection.

Beardsley said he empathizes with Google's decision because of the difficulties in updating old computer code. But he said he hopes the company revisits its decision in light of the huge number of people who depend on Android "to manage and safeguard the most personal details of their lives."

Source: CNET

Tags: Android, browsers, Google, security

Comments
Add comment

Your name:
Sign in with:
or
Your comment:


Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party


Thongkhan#10 0
May 9, 2012 You sir are completely correct. You aren't a monkey being told when to dance and in what style. You do whatever make you feel good and feel accomplished when you finish editing a video. Many people don't realize just how hard just giving news it' as many commenters have never tried a youtube video for themselves. Thats totally fine but the key for any vid is for the host to be comfortable and do his or her own thing. Dave keep it up, i think your getting better every week. Peace bud.
Reply 

Last news

 
Consumer group recommends iPhone 8 over anniversary model
 
LTE connections wherever you go and instant waking should come to regular PCs, too
 
That fiction is slowly becoming a reality
 
The Snapdragon 845 octa-core SoC includes the Snapdragon X20 LTE modem
 
Human moderators can help make YouTube a safer place for everyone
 
Google says Progressive Web Apps are the future of app-like webpages
 
All 2018 models to sport the 'notch'
 
The biggest exchange in South Korea, where the BTC/KRW pair is at $14,700 now
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 /
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
 
 

News Archive

 
 
SuMoTuWeThFrSa
     12
3456789
10111213141516
17181920212223
24252627282930
31      




Poll

Do you use microSD card with your phone?
or leave your own version in comments (4)