Google Nixes Patches for 930 Million Android Users

Life is about to get a lot more difficult for Android users running older versions of the mobile operating system. Google has decided not to develop patches for Android 4.3 and earlier versions, according to a security researcher. That decision could leave 930 million Android users vulnerable to new exploits.

The issue hinges on vulnerabilities found in WebView, a core component of the Android operating system responsible for rendering Web pages. WebView was discontinued in Android 4.4 (KitKat), but is still found in Jelly Bean and earlier versions of the OS.

Hundreds of Millions of Users at Risk

The news comes via security researcher Tod Beardsley, who works on the Metasploit project, a security testing framework. According to Beardsley, Google responded to an e-mail addressed to its Android security team about a recently discovered vulnerability with the news that exploits in versions prior to WebView 4.4 would no longer be patched. However, Beardsley said Google also told him it would continue to develop patches for other components of Android versions prior to 4.4.

According to GoogleEUs own numbers, that decision would leave the majority of Android users in the wind with regard to future vulnerabilities. More than 60 percent of Android device users are running either Jelly Bean or an earlier version of the OS. KitKat, which was first released in October 2013, is used by only 39.1 percent of Android devices. Beardsley wrote that those numbers would indicate that more than 930 million Android devices are no longer being actively supported by Google.

And although Google released another Android update, EULollipop,EU this past November, almost no one is using it. Users complaining about the latest version of the mobile operating system have said that it is so bad it renders multi-tasking almost impossible.

Opening the Floodgates to Exploits

Rather than...

Comments are closed.