A serious new bug has put almost a billion Android devices, or almost 60% of all Android-running phones and tablets, under threat. If your phone or tablet runs a version before 4.4 KitKat, you could be in trouble too.
The bug was found by Joe Vennix, an engineer at Rapid7, and Rafay Baloch, an independent researcher. It lies in the WebView component of the older OS versions, which allows apps to view the content you’re surfing without launching a separate app. This is a huge security compromise, through which your info can be accessed by any entity anywhere.
This isn’t the first time that the Android browser has come under scrutiny; last year we saw some major flaws being uncovered. The later versions of Android aren’t affected by it since they run Blink rather than WebKit for WebView, which used to be a part of the Android Open Source Project (AOSP). However, though the browser has been replaced by Chrome in the newer versions, it still accounts for almost half of all traffic.
Unsurprisingly, when Google was notified of the flaw, it was hesitant to take any action at all, instead preferring to notify its partners to offer some remedy. Here’s what it had to say:
“If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.”
We consider the matter closed, then.
Ironically, this news came after Google had publicly derided Microsoft for a flaw in Windows 8.1. Though Microsoft is most likely to fix that issue soon, Mountain View cannot be expected in the least to do the same.
As for the users, the least they can do is stop using apps that they don’t trust. That would surely rule out a few major names. While OEMs can’t possibly update all the devices, Google has now pushed more functionality into services such as Google Play Services and the Play Store. In version 5.0 Lollipop, the same goes for WebView too. Where possible, though, you should not put off updating the OS any further.