Google leaves most Android users exposed to hackers

Android logoPeople with Android smartphones and tablets running older versions of the mobile operating system -- around 60 percent of all Android users -- are going to have to live with a security flaw Google has decided not to fix.

A known security bug in the default, unbranded Web browser for Android 4.3 Jelly Bean and older versions of Google's mobile OS will go unpatched, Google's chief of security for Android wrote in a Google+ post on Friday.

"Keeping software up to date is one of the greatest challenges in security," Adrian Ludwig wrote. Because the browser app is based on a version of the WebKit browser engine that's now more than two years old, fixing the vulnerability in Android Jelly Bean and earlier versions is "no longer practical to do safely," he wrote.

Google confirmed on Saturday that Ludwig's post is the company's official position on the matter.

The company's decision has upset security experts, who worry hackers will be able to easily target the hundreds of millions of people using phones and tablets that run older versions of Android. Ludwig contends the number of people potentially affected by the vulnerability is "shrinking every day." But for security professionals, it's just not shrinking fast enough.

According to Google's own Android usage numbers, 39.1 percent of its smartphones and tablets run a newer, unaffected version of Android: 4.4 KitKat. The most recent version of the operating system, Android 5.0 Lollipop released in November, makes up less than one-tenth of 1 percent of Android devices in use. That means about 60 percent of Android devices run versions of the OS that included the susceptible browser by default.

The consequence of having so many people running so many different versions of the same operating system is that it becomes far more complicated to protect them, wrote Tod Beardsley, an engineering manager at security firm Rapid7. "Unfortunately, this is great news for criminals for the simple reason that, for real bad guys, pretty much everything is in scope," he wrote in a blog post.

Upgrading to a new Android phone or tablet isn't an option for many people, Beardsley said, because while the latest Nexus phone running the latest version of Android retails for $649.99, Amazon sells new, out-of-the-box Android phones running older versions of the operating system for one-tenth the price.

Ludwig recommends people on Android 4.3 or older use a different Web browser. He suggests Google Chrome, which works on Android 4.0 Ice Cream Sandwich and newer, or Mozilla Firefox, which works on Android 2.3 Gingerbread and newer. However, switching browsers won't fully address the flaw since it affects the part of the default browser that apps tap into to display websites. Ludwig asks app developers to restrict loading content in their apps that doesn't come from the Android device itself, or over a secure connection.

Beardsley said he empathizes with Google's decision because of the difficulties in updating old computer code. But he said he hopes the company revisits its decision in light of the huge number of people who depend on Android "to manage and safeguard the most personal details of their lives."

Source: CNET

Tags: Android, browsers, Google, security

Add comment

Your name:
Sign in with:
Your comment:

Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party

Thongkhan#10 0
May 9, 2012 You sir are completely correct. You aren't a monkey being told when to dance and in what style. You do whatever make you feel good and feel accomplished when you finish editing a video. Many people don't realize just how hard just giving news it' as many commenters have never tried a youtube video for themselves. Thats totally fine but the key for any vid is for the host to be comfortable and do his or her own thing. Dave keep it up, i think your getting better every week. Peace bud.

Last news

A mobile hotspot in Australia will be capable of hitting gigabit speeds on the go
A new game could be in the works as Blizzard appears to have been hiring for a Diablo-related project
Nokia CEO Rajeev Suri will speak at MWC 2017
However what if you could go way, way back?
The Helio P15 packs an octa-core Cortex-A53 processor clocked at 2.2GHz
Samsung claims up to 27-percent higher performance or 40-percent lower power
Preliminary data for October shows another Windows 10 boom
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
HP Slate 7 is a 7-inch Android 4 Tablet PC with good sound
A cost-effective, 7-inch tablet PC from a renowned manufacturer
October 25, 2013 / 4

News Archive



Do you use microSD card with your phone?
or leave your own version in comments