Google explains why it won't fix Android glitch in older phones
Earlier this month, we told you about an extremely serious bug affecting 939 million Android handsets running an Android build under 4.4. The bug is inside Android WebView, which allows apps to display websites without using another browser. In a long Google+ post on Friday, the head of Android security, Adrian Ludwig, discussed why Google is not bothering to exterminate this bug.

With nearly 1 billion phones in danger of being attacked by malware, this would seem to be a pressing matter in Mountain View. But Ludwig points out that with 5 million lines of code involved, fixing the problem would require "changes to significant portions of the code and was no longer practical to do safely." 

For those using an Android phone that is affected, Ludwig suggests downloading the Chrome or Firefox browser, both available from the Google Play Store. Both of these browsers use their own content renderer and are frequently updated through Google Play. By being updatable, the browsers can be protected from current and future issues. Firefox will work on phones running Android 2.3 or higher. Chrome is compatible with handsets powered by Android 4.0 or higher.

source: +AdrianLudwig, WSJ



1. Neo_Huang

Posts: 1067; Member since: Dec 06, 2013

There's a simple solution, and most Android phones come with it pre-installed, so I can see why they made this choice.

16. engineer-1701d unregistered

Also, if you have a phone running less than 4.0 you need a new phone; even pree phones come with 4.0 and higher.

25. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

At least there is clarity on the issue this round. Avoid browsing with WebView. For those using Dolphin, it's OK too! "disabling the default Android browser and installing Chrome, Dolphin or another full web browser is good advice regardless the issues. Developers, please familiarize yourself with the best practices for your apps, to keep us secure"

37. BobbyBuster

Posts: 854; Member since: Jan 13, 2015

Really? My sis' GNex is stuck with JB, and she always uses that affected 'internet' browser. Now I HAVE TO inform and persuade her to switch the browser, and she'll have a hard time getting used to a different browser. That massively sucks, and of course, NO ONE feels responsible for this mess, typical for CrapDroid.

38. BobbyBuster

Posts: 854; Member since: Jan 13, 2015

And what about the "hybrid" apps written in html5? Don't tell me that they utilize the third party browser engine.

2. matistight

Posts: 1029; Member since: May 13, 2009

makes sense

8. maherk

Posts: 7020; Member since: Feb 10, 2012

Not really. It kinda reminded me of Apple's way of dealing with such problems: you're holding it wrong. You can't tell those who don't check their Google+ timeline, or those who have never gone to a tech site, to do this to avoid this glitch; instead you do your job as a big and supposedly well-respected corporation and fix the damn glitch.

12. Extraneus

Posts: 121; Member since: Jun 02, 2012

Agree. 90% (at least!) of users with these phones will never stumble across a site mentioning this problem, and so won't know to switch to a different browser.

14. sharks

Posts: 236; Member since: Feb 16, 2013

Who uses a browser other than Chrome or Firefox on Android anyway? I got both. Even noobs know and prefer to sync their bookmarks and passwords from their PC with Chrome, which is really excellent since it's also developed by Google and integrates extremely well with Android. Firefox is a great alternative. You don't need to be a PC wizard to know that IE is just not a viable browser for a long time now, so you're probably already using Chrome or Firefox anyway.

20. elitewolverine

Posts: 5192; Member since: Oct 28, 2013

IE does all that you say, syncs across devices of the Windows sphere etc etc. It is actually a faster browser, on laptops etc it doesn't suffer from battery bugs etc and is less resource hungry. It is just people that refuse to actually know any different that actually think there is a huge difference. You can talk extensions all you want, but in reality these people the poster is referring to won't know about it. Heck, I deal daily with over a dozen people that look at me and go... what is Chrome, what is AdBlock. DAILY.

17. engineer-1701d unregistered

The people with these phones are in third world areas and don't care since they have nothing for malware to take. And in any other country people have a higher than 4.0 and 4.4 phone. Plus no one uses the stock browser. I wish I could take Samsung's internet browser off since it's not Samsung's optimized browser.

26. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

While that is true, it does allow malicious hackers to exploit the less informed Android users, using bait such as free porn and other attention-grabbing means. I hope Google learned from this mistake and provides a means to replace those codes in future OS releases.

19. Awalker

Posts: 1986; Member since: Aug 15, 2013

The solution is available already. Manufacturers have to update their phones to at least Kitkat. It's a manufacturer's problem, not Google.

21. elitewolverine

Posts: 5192; Member since: Oct 28, 2013

Gotta love the AOSP cop out...

3. strudelz100

Posts: 646; Member since: Aug 20, 2014

Could be a built-in hole for "security" reasons. Of course it won't be patched. AOSP Browser is used widely by discount brand Android handsets that can't afford access to the Play Store. Non-existent updates will mean this security hole will persist in poor areas like Africa and the near east for the next half decade. Don't need these vulnerabilities in Chrome. Google hands over user data on demand to Nanny states around the globe. Privacy-minded folks also have widely used the AOSP browser in the past. Most have since switched to better browsers like Ghostery. Luckily those people also usually know that rooting to keep software security up-to-date, and keeping Google analytics off your device is important as well.

6. memsto

Posts: 2; Member since: Jan 24, 2015

brahh why are you so ignorant, there is a f**king Play Store, even an Apple App Store, in countries which you consider poor like Nigeria, Ghana, South Africa, Egypt, Cameroon etc. Africa is not a country!!!!!!!!!!!!!

13. Cdowd85

Posts: 17; Member since: Aug 06, 2013

You do realize there are phones (i.e. most Chinese branded phones, the Amazon Fire phone) that don't have access to the Play Store or other Google Apps. So explain to me how he's being ignorant?

31. mixedfish

Posts: 1567; Member since: Nov 17, 2013

You can side load apps on any Android device and Amazon Fire has access to Amazon apps. Derp.

15. strudelz100

Posts: 646; Member since: Aug 20, 2014

I never said Africa was a country. brahh read the comment you dumb f*ck. App store access is dependent on the OEM, not where you live. Africa has a ton of cheap phones without Google services. So does China. brahhhh why you so ignorant I'll thumbs up you for being dumb.

4. ThePython

Posts: 902; Member since: May 08, 2013

Translation: "Because we don't want to."

5. hellbread

Posts: 309; Member since: Nov 21, 2014

Hey, why you using my avatar?! :-)

7. Planterz

Posts: 2120; Member since: Apr 30, 2012

It wouldn't matter if Google fixed it in older versions, because the manufacturers wouldn't bother updating their older devices. Never mind the carriers.

9. maherk

Posts: 7020; Member since: Feb 10, 2012

True that.

10. cripton805

Posts: 1485; Member since: Mar 18, 2012

Yup, and it would probably create more problems in the process.

11. AfterShock

Posts: 4147; Member since: Nov 02, 2012

Modern phones with KK or L5 can be had at the $100 mark, maybe some need to upgrade. These phones affected are over two years old, and some three or better. So carriers and OEMs are not going to bother even if a patch existed for old low-end wares. Otherwise, it was fixed in KitKat onward.

18. Liveitup

Posts: 1798; Member since: Jan 07, 2014

Google should work on fixing its own vulnerabilities instead of pinpointing other platforms' own.

24. AfterShock

Posts: 4147; Member since: Nov 02, 2012

You know, that I agree with. Black eye accepted.

27. sprockkets

Posts: 1612; Member since: Jan 16, 2012

Why? Because you hate it when Google finds out problems before the black hats do? Seriously, think before you say something stupid like that.

28. AfterShock

Posts: 4147; Member since: Nov 02, 2012

That's not the issue man, it's dirty pool. I know they gave Apple and MS 90 to correct it but is still low. Not evil, but not good. Bad karma.

29. joey_sfb

Posts: 6794; Member since: Mar 29, 2012

Each has their own reasons. I think more communication and less back room politics. If a normal individual with no stake in the company can't see this then it will be harder for the respective companies to do the right thing. Hope some day we will evolve to be better.

