Google Won’t Patch WebView Security Issues in Android Versions Prior to Kit Kat 4.4

Google unofficially stated last week that it will not be providing security updates for Android versions older than 4.4 (Kit Kat). Notwithstanding the fact that the latest version of Android (5.0 Lollipop) hasn’t rolled out widely and Kit Kat is effectively the major release which is prevalent, alarmingly over 60% of Android devices are sporting versions prior to 4.4.

If you followed the story, you’ve probably heard the name WebView, which is at the heart of this development. You can think of WebView as an integral component of Android’s internet browser for versions prior to 4.4. In the Kit Kat release support for Adobe Flash was dropped, and so was that version of WebView.

The older version of this component has several security holes and is reportedly very difficult to patch up – hence Google’s decision to drop support for it altogether. The email response from quoted in a blog post here came after security researchers forwarded another vulnerability report.

If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.”

The fact that Google is only going to be supporting Kit Kat and Lollipop versions means that a large chunk of Android users will be left to community developed patches and ROMs. This in itself isn’t a very viable solution either because majority of these users aren’t likely to be familiar with flashing and installing custom ROMs on their devices.

Nevertheless, from Google’s perspective, such a move makes sense because Android is fragmented and there isn’t much anyone can do about it. It is after all an open-source OS and runs on hundreds of varying device makes and models, making it very hard for Google to keep everyone in line and up to speed.

Android Version Stats 2015

Distribution of Android versions from 2009 to 2015 – Image from Wikipedia

The upside to this may be that manufacturers of Android devices may be more proactive with the latest OS upgrades to protect their customer base. However, these very manufacturers may stand to lose the most if they regularly update all their devices with the latest Android versions because that will inevitably lead to fewer sales for their latest offerings.

In light of modern security challenges and news of hackers running amok with private emails and photos, security for smartphones and mobile devices merits more attention from both hardware and software manufacturers.

Recommended for you: How to Secure Data on Android Phones & Tablets

It remains to be seen whether this trend continues to follow as the Android OS develops further. If so, it will definitely lead to concerns but may also serve as the push needed to make manufacturers consider putting more effort into supporting their older hardware with regular updates.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

To Top