Roughly 939 million Android phones affected by a grave bug, Google won't do anything about it
posted by Peter K. / Jan 13, 2015, 2:37 AM
According to Tod Beardsley, a security analyst with Rapid7, all Android versions below Android 4.4 KitKat suffer from a pretty serious security vulnerability, which leaves them out on a limb, susceptible to malicious hacker attacks.
It seems that the culprit for this security hole is a bug found inside Android WebView, an integral part of Android 4.3 and lower builds, which allows a given app to display online content. It works alongside numerous other core Android services, which, naturally, leaves a security breach as wide as the Grand Canyon.
This security flaw leaves roughly 939 million Android handsets vulnerable to malicious attacks, which is a pretty serious figure. Generally, one might speculate that Google will be addressing the flaw as we speak, working on an urgent hotfix. However, one would be quite wrong, unfortunately.
It seems that Mountain View is not concerned at all about the WebView security issue, declining to fix the problem and leaving the various OEMs to cope with it themselves. Considering the fragmentation of the platform, this generally means that a lot of them might not address the issue either.
Google uses another similar component for Android 4.4.x KitKat and 5.0 Lollipop, which means that they can't be affected by the WebView bug. Yet, these versions of the OS are not as widely present as the older ones.
It looks like Tim Cook might have been entirely correct when he claimed that Android is a "toxic hellstew of vulnerabilities". Any thoughts?
Posts: 3060; Member since: Feb 06, 2013
Will it really affect general people? Those who use a phone for really classified communication will definitely have the latest secured device.
posted on Jan 13, 2015, 2:47 AM 6
Posts: 534; Member since: Nov 28, 2013
Nah Phonearena just wants you to know Google socks even though this isn't google's fault. Blame it on the OEMs who refuse to update devices past jellybean
posted on Jan 13, 2015, 3:39 AM 12
Posts: 319; Member since: Aug 01, 2012
guys, think about it this way, if somebody didn't upgrade from 4.3 or 4.2, why would they update this??? People are too lazy to check for updates (I have a buddy who never does that, unless I do it for him) or their handsets don't support it. So this is a lose-lose situation. Just upgrade to the goodness of kitkat, 4.4.4 and all good. this is why google won't do anything about it. Do you see Apple servicing ios 4.0? No it's all about 8.0.2 or whatever the version is.
posted on Jan 14, 2015, 8:55 AM 0
Posts: 6794; Member since: Mar 29, 2012
How is it more vulnerable compared to other platforms? This article reads as bad as the Apple propaganda slide.
posted on Jan 13, 2015, 2:50 AM 32
Posts: 232; Member since: Oct 18, 2012
I even think they just tried to publish the article just so they can use that photo.
posted on Jan 13, 2015, 3:05 AM 23
Posts: 4062; Member since: Jul 23, 2013
They want to start a flame war for their advertising problems. If they had a decent article with actual analysis once in a while, they would have legitimate page views and actual, long-term, revenue instead of this short term flame-bait crap.
posted on Jan 13, 2015, 4:22 AM 7
Posts: 483; Member since: Feb 28, 2014
LOL! And look at google. Trying to point out bugs in Windows 8.1. Pathetic.
posted on Jan 13, 2015, 3:35 AM 8
Posts: 509; Member since: Jun 30, 2012
Lately I found articles in PhoneArena very bland and unexciting. I rarely spend more than 5 minutes skimming the article titles.
posted on Jan 13, 2015, 3:00 AM 27
Posts: 187; Member since: Dec 17, 2014
well idk how the bug is supposed to be, but if it is universal across android phones below kitkat, then google should do something about it. oems as we've seen, how long it takes them to get updates out. next we know is android 6 is out.
posted on Jan 13, 2015, 3:08 AM 2
Posts: 887; Member since: Oct 23, 2012
Google has already addressed the problem. It's called android lollipop.
posted on Jan 13, 2015, 7:42 AM 5
Posts: 187; Member since: Dec 17, 2014
Phone arena posts somethings of iphone, good or bad, is iphone arena, they post bad of android, phone arena is boring, they have nothing to report. what shall they report :/ spontaneous get news from thin air .. all phone news i want, i get it here. # naggers!
posted on Jan 13, 2015, 3:17 AM 9
Posts: 431; Member since: Aug 20, 2013
Oh yeah, it takes over two years for Mr. Tod Beardsley - an expert - to announce this serious bug. So, how about other hackers? How long did it take them to issue and use that bug? Well, they may not have known whether that bug exists or not until our guy tells the world about it and he always knows Google and its partners won't do anything for sure, because Android JB development has been discontinued for over a year. This is nothing but a trick backed by Google's rivals.
posted on Jan 13, 2015, 3:22 AM 5
Posts: 2327; Member since: Apr 30, 2013
One of these types of propaganda articles spring up for the sake of views. Because PA knows that when it's polarizing, it sells. This has no consequence to the typical everyday user anyway. No one Android firmware version is the same across all devices anyway, OEMs often modify and iron out bugs in the coding anyway that Google would otherwise overlook and address in a later iteration of the OS.
posted on Jan 13, 2015, 3:23 AM 6
Posts: 1442; Member since: Nov 19, 2012
This is pure FUD. If you own a Nexus, then your phone is updated unless it's more than three years old (Galaxy Nexus). Now we can discuss if this is enough or not: I agree that the limit should be higher, but most people change their phone before it's three years old. If you own a phone by another manufacturer which has not been updated to kitkat, this means that your manufacturer has ended the support for that phone and your firmware would not be updated anyway. It would be completely wasted effort for Google to patch Android version prior to Kitkat, because no manufacturer in the world would then push the update to its customers. So blame your manufacturer. I'm blaming Sony that ended support for my Xperia V after one year and a half, not Google.
posted on Jan 13, 2015, 3:31 AM 3
Sorry PA, but you made a mistake there. Tim Cook wasn't the one who said toxic hellstew, he just quoted Adrian Kingsley-Hughes. It says so on the image even. geesh... And one major bug doesn't make a toxic hellstew. But leave it to Tim to exaggerate the facts.
posted on Jan 13, 2015, 4:00 AM 10
Posts: 10457; Member since: May 14, 2012
PA is sloppy and unorganized. The f---ing picture itself shows the person who said the quote. Jesus himself can't help this site.
posted on Jan 13, 2015, 4:28 AM 8