Google won't patch flaw affecting nearly 1bn users

4.7
Last month, Google took the bold steps to release the details of a security vulnerability ahead of Microsoft's Patch Tuesday. Microsoft said that the patch was set to be released two days after Google went live with the details and that they refused to wait an extra 48 hours so that the patch would have been released along with the details of the exploit.

Recently, an exploit has been uncovered in Android 4.3 (Jelly Bean) - which covers roughly 60% of Android's install base, according to the Android Developer dashboard - and Google is saying that they will not patch the flaw.

In response to Tod Beardsley's questioning Google over the flaw and if they would patch it, the Android security team responded by saying:

If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.

The flaw, which exists in WebView (a core component used to render web pages on an Android device) impacts nearly 1 billion users, when using Google's own numbers as a base along with Gartner figures. Industry reports say that there are roughly 1.56 billion phones with Android on them, and if 60% are running the now non-supported version of Android, that means roughly 930 million phones are now vulnerable.

Jelly Bean was first announced in June of 2012, which means that Google is dropping support for its mobile OS less than three years after it was released.

This present a large issue for those who want to use Android phones in the corporate world as Google is clearly stating that legacy support for the OS is not on their agenda. The fact that phones are still being sold with Jelly Bean means that the vulnerability is not going away anytime soon, as devices with the OS will be in consumers' hands for many years to come.

Posted:
Related Forum: Mobile Devices

Source: http://www.neowin.net/news/after-throwing-microsoft-under-the-bus-google-wont-patch-flaw-affecting-nearly-1bn-users

Comments

"Google won't patch flaw affecting nearly 1bn users" :: Login/Create an Account :: 34 comments

If you would like to post a comment please signin to your account or register for an account.

ej70Posted:

OhDiegoCosta
iBaby
Miss Love my HTC. Never getting rid of it no matter what.


I had an HTC one x and I hated it

Broke like 3 times, Good I got the iphone 6 tbh.


Yep, Apple are much more supportive when it comes to patches/upgrades. Certainly worth paying that bit extra


yes...im sure apple is much more inexpensive and dont break as easy...............

1989Posted:

TSA Pretty sure Google can afford a patch to help a lot of people.


They can afford it lol. I just honestly don't understand what they are doing.

OhDiegoCostaPosted:

iBaby
Miss Love my HTC. Never getting rid of it no matter what.


I had an HTC one x and I hated it

Broke like 3 times, Good I got the iphone 6 tbh.


Yep, Apple are much more supportive when it comes to patches/upgrades. Certainly worth paying that bit extra

BlGPosted:

Pretty sure Google can afford a patch to help a lot of people.

XboxPosted:

Wow why dont they just patch it.

BruPosted:

The-Monstrosity not that happy... ergh this could affect the users


Its true but do you think a company like google care about us? Nah, they just want to make money.

GrownPosted:

Brigand
Earn I'm disappointed in them considering It's effecting 1 Billion users and there not doing anything about it..


As long as they are making profit, they really don't care about the problems their customers have.


You can always call customer support.. Because we all know that works really well..

The-MonstrosityPosted:

not that happy... ergh this could affect the users

BrigandPosted:

Earn I'm disappointed in them considering It's effecting 1 Billion users and there not doing anything about it..


As long as they are making profit, they really don't care about the problems their customers have.

StonerzardPosted:

HeisenbergMods If you aren't a "head up your arse" apple kid, you'd probably be smart enough to download a third party made patch from trusted android devs that specialize in this. Lol.


Exactly. Anyway, as they said in this post - they don't generally make patches. So why would they now?

That's like a factory that makes flash lights, manufacturing their own plastic to replace the plastic that's faulty in their product. Why would they do that? Honestly, I wouldn't be too comfortable with a Google patch.