While Google shows every month just how the variants of Android are dispersed among those using the platform in the real world thanks to distribution numbers, it seems that many users out there will have to miss out on potential fixes based on the version of Android they’re running on their daily driver.
According to a report published by the Wall Street Journal, Google is limiting its scope of software fixes for Android, including a big security flaw within the standard Internet browser on devices running Android 4.3 or later. According to the report, security researcher Rafay Baloch discovered some flaws within the stock internet browser in the fall of 2014. While Baloch reported the issues to Google, the company responded saying that they do not typically produce patches for WebView if the errors are found in systems before 4.4:
“If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.“
Google does seem to note that they will forward the issues to OEMs, but that doesn’t seem to address the issue at all. In fact, it would seem that this is about as far as anything will come of it. Of course, this particular issue is not present on Android versions 4.4 or 5.0, which is using a newer Chromium-based WebView.
What do you think of Google’s decision to skip addressing these issues in older versions of Android? While many users may know how to download replacement Browsers from the Google Play store, many do not.
[via WSJ; Metasploit]