Millions of Android users could be at risk as Google cuts back on security updates for older versions of its smartphone operating system.
The risk arises because Google has stopped producing security updates for parts of those older versions.
About 60% of all Android users, those on Android 4.3 or older, will be affected by the change.
The researchers who uncovered the policy change said it was "great news for criminals".
The shift was brought to light by security experts who found vulnerabilities in the WebView component of Android 4.3, aka Jelly Bean. WebView is used to display webpages on an Android device.
Tod Beardsley and Joe Vennix from security firm Rapid7 and independent vulnerability finder Rafay Baloch contacted Google to let it know about the loophole. They expected to hear about the work Google was doing to patch the bug but instead were told that it was now only fixing bugs found in the two most recent versions of Android, known as KitKat (4.4) and Lollipop (5.0).
In a blogpost, Mr Beardsley said Google's Android security team told him it would "welcome" a patch from the researchers if they produced one but would not be making one itself. It added that it would tell its Android partners about the bug even though no fix would be forthcoming.
Google cuts back on Android security fixes
Millions of Android users could be at risk as Google changes the way it handles security updates for older versions of the smartphone operating system.
www.bbc.com