News Google cuts back on Android security fixes (Android 4.3 and below are out)

[tom_mai78101]

Millions of Android users could be at risk as Google cuts back on security updates for older versions of its smartphone operating system.

The risk arises because Google has stopped producing security updates for parts of those older versions.

About 60% of all Android users, those on Android 4.3 or older, will be affected by the change.

The researchers who uncovered the policy change said it was "great news for criminals".

The shift was brought to light by security experts who found vulnerabilities in the webview component of Android 4.3 aka Jelly Bean. Webview is used to display webpages on an Android device.

Tod Beardsley and Joe Vennix from security firm Rapid7 and independent vulnerability finder Rafay Baloch contacted Google to let it know about the loophole. They expected to hear about the work Google was doing to patch the bug but instead were told that it was now only fixing bugs found in the two most recent versions of Android known as Kitkat (4.4) and Lollipop (5.0).

In a blogpost, Mr Beardsley said Google's Android security team told him it would "welcome" a patch from the researchers if they produced one but would not be making one itself. It added that it would tell its Android partners about the bug even though no fix would be forthcoming.

Google cuts back on Android security fixes

Millions of Android users could be at risk as Google changes the way it handles security updates for older versions of the smartphone operating system.

www.bbc.com

 

[Slapshot136]

Honestly this might be a good thing, as it puts more pressure on lazy manufactures to keep supporting older phones and update them to the latest version

 

[tom_mai78101]

It also puts off thousands of customers who grandfathered old unlimited data plans from upgrading.

New, better data plans + actual unlimited data = more people to upgrade from old phones = easier to get people to use newer, supported Android versions.

 

[Slapshot136]

It also puts off thousands of customers who grandfathered old unlimited data plans from upgrading.

New, better data plans + actual unlimited data = more people to upgrade from old phones = easier to get people to use newer, supported Android versions.

this is actually another stupid thing, a plan is a plan, regardless of the phone - it's tied to the sim card if anything, not the phone

 

[tom_mai78101]

But the unlimited-ness of data usage you're allotted and allowed on your old giant SIM cards, and not the latest craze of microSIM or nanoSIM cards.

I actually don't know if changing SIM cards from bigger sizes to smaller ones would also require you to upgrade your tiered data plan for some carriers. I do know some carriers, like AT&T and Verizon, is fighting off grandfathered plans.

 

[The Helper]

I always thought it was stupid that Android Phones were locked to a certain version. OS should be upgradeable like others. Sucks to be an older Android device user for sure.

 

[tom_mai78101]

I always thought it was stupid that Android Phones were locked to a certain version. OS should be upgradeable like others. Sucks to be an older Android device user for sure.

Tell that to the carriers that handles OEM distributions. They would say, oh hey, no one likes to buy newer phones (because no one wants to abandon old but truly unlimited data plans), so we don't need to force people to upgrade our current Android versions.

 

[Accname]

Wait. You cant update android phones? Is that true?
I always thought you could, some people told me they were able to.

 

[tom_mai78101]

Wait. You cant update android phones? Is that true?
I always thought you could, some people told me they were able to.

Some carriers will not upgrade your Android versions out of trying to monetize from consumers, and to force consumers to pay for newer and restricted data plans they have right now if they wished to have newer Android versions.

This is not the case if you bought your smartphone directly from manufacturers, such as Google/Motorola, HTC, LG, Samsung, etc. Manufacturers will usually post new OEM versions of Android whenever they are ready to be distributed over the air for software updates, and they do not have restrictions imposed by them carriers.

 

[Slapshot136]

But the unlimited-ness of data usage you're allotted and allowed on your old giant SIM cards, and not the latest craze of microSIM or nanoSIM cards.

err.. you can cut down sim cards, it's not too hard..