Roughly 939 million Android phones affected by a grave bug, Google won't do anything about it

According to Tod Beardsley, a security analyst with Rapid7, all Android versions below Android 4.4 KitKat suffer from a pretty serious security vulnerability, which leaves them out on a limb, susceptible to malicious hacker attacks. It seems that the culprit for this security hole is a bug found inside Android WebView, an integral part of Android 4.3 and lower builds, which allows you to display online content in a given app. It works alongside numerous other core Android services, which, naturally, leaves a security breach as wide as the Grand Canyon.

55 Comments

19. RareCandy

Posts: 61; Member since: Nov 20, 2014

If malware, then android. if bugs, then android ends of discussion :)

30. RebelwithoutaClue unregistered

If stupid comment, then RareCandy END (no s) of discussion :)

20. Captain_Doug

Posts: 1037; Member since: Feb 10, 2012

Where are these bugs and viruses everyone is talking about? People are crazy. I've never had either that wasn't a custom rom bug due to development (which is to be expected).

38. elitewolverine

Posts: 5192; Member since: Oct 28, 2013

Come to my job, I do no less than 2-5 exchanges a day for a crashing OS, .com, process error, fail to boot past startup, etc. At minimum I do 700 Android replacements a year. That could actually be more, mine is on the low end of exchange rate percentages. My team alone exchanged a crap ton. Let's not forget the Android update that bricked calls for the M8 for a month, that was literally due to a Google update. Uninstalling Google service update cleared up problem instantly. I could offer more. But blind people don't grow eyes.

22. AfterShock

Posts: 4146; Member since: Nov 02, 2012

Tell them to use Chrome over an outdated browser built in. I guess Google's masses are hooped if that's too hard. It's like we have a bunch of former ifans or something and they can't switch settings, sheesh!

33. isprobi

Posts: 797; Member since: May 30, 2011

For the type of people that frequent this site your comment makes sense. But for most people I know they just want a phone that works. They don't even know how to turn off notifications that drive them crazy or even what all those symbols on the notification bar mean. I really think a more user friendly experience is needed. There should be a fairly comprehensive "wizard" that walks people through the most common settings when they start their phone for the first time. And every application should do the same thing. Lastly a user should be able to re-run the wizard whenever they want to change something.

39. elitewolverine

Posts: 5192; Member since: Oct 28, 2013

You're holding the phone wrong, don't use the built in apps they are prone to security flaws and problems, use these 3rd party apps instead....come on that's a copout and you know it. You know MS would never get away with that crap.

42. corporateJP

Posts: 2458; Member since: Nov 28, 2009

No, MS gets away with imploding a company from the inside and taking them on the cheap. By the way, how did their Danger hostile takeover work out? Oh, never mind, the Kins failed and Andy Rubin moved to Google...

46. elitewolverine

Posts: 5192; Member since: Oct 28, 2013

Like Google did with Moto. Your drivel is worthless, yes yes MS bought Nokia. Guess what the board of Nokia could have gotten rid of Elop at any moment. Do you know how CEOs work? Also they didn't hire Elop because Nokia was doing awesome. Go figure. But go ahead. Instead of posting an actual response that has any merit you post one like yours. So here have a banana and go browse 9gag.

50. corporateJP

Posts: 2458; Member since: Nov 28, 2009

Got any more stories today about how you exchange defective iPhones and Androids more than WP? Newsflash: you have to actually sell someone a WP before it even puts them into a position to return it. And that banana? Did you get it from Crispin Guzman or whatever his name is? Just curious, since he you guys are in cahoots and all. I know you cats get bored on Windows Central since there's not much going on there. So do you all time it together when you come here? Sorry, I just want to know what goes on in the heads of those that worship false idols or clean their pools (Elop), that's all. Thanks...

25. Exempt1 unregistered

Jelly Bean is a 2012 released OS. Why should Google still provide support for that OS? All flagship phones are on Kitkat or Lollipop that were released in the past 2 years or more. This is a pointless article. Also, just to make things even, Jelly Bean was the same year of iOS 6, which also has a huge security bug which Apple refuse to fix...

40. elitewolverine

Posts: 5192; Member since: Oct 28, 2013

70% of phones are not flagship for android. And majority of users are not on kitkat or higher. 2yrs is nothing. Try being a company that stops supporting a 12yr old os and get flack for it.

49. Exempt1 unregistered

Google doesn't care about the OEMs, which is the majority of the 70%. Google gave the update to the OEMs, but they choose not to deliver it to the customers' phones which are capable of running the software. Nexus devices are well supported which are what Google aim to do. Apple make iPhones, Google make Nexus. These are the two to compare when talking about these kind of figures you have stated. Samsung, LG, Sony, HTC etc are companies who are on the edge about a three year life cycle. Also, screw Windows, these are phones. I'd be ticked if my PC OS updated every year after I just got used to its new functions, and so would developers. I work in design, and even now some programs glitch out on 8.1, which didn't happen on 7. Also, imagine telling your elders how to use the new update every single year. It's two completely different ball games.

26. VZWuser76

Posts: 4974; Member since: Mar 04, 2010

What I'd like to know is, how is this any different from someone using a PC with Windows 98 or IE6 and there is a vulnerability in those platforms. Companies who stop support for a certain OS or specific programs means just that, they stopped support. Do you think if there was a major security risk, that they'd issue a patch for something like Win98 or Win2000? No, they expect you to move up and upgrade.

28. Extraneus

Posts: 121; Member since: Jun 02, 2012

You're comparing support for a 14 year old OS with support for a 2 year old ditto?

31. VZWuser76

Posts: 4974; Member since: Mar 04, 2010

That's irrelevant. End of support is end of support. I just used 98 as an example, but they also no longer support Win XP. If any threat comes out for any OS or device they've dropped support on, they're not going to see a fix. The difference is mobile OS life cycles are much shorter than their desktop counterparts, but either way, end of support is end of support. And it's no different on any platform. Windows Phone doesn't support each iteration for as long as they do their desktop Windows version, nor does Apple support each iOS version as long as their desktop counterpart.

47. elitewolverine

Posts: 5192; Member since: Oct 28, 2013

Guess MS just does it better, their win8 phones will get win10, well that is the hopes. If they live up to it, then MS has solved the phone life cycle problem. Also Apple supported their 3yr old product. All in all it's a copout. XP is also 13+ yrs old, you're still failing at product timelines.

54. corporateJP

Posts: 2458; Member since: Nov 28, 2009

Better to be in bed with the devil you know I guess is what you're saying. Way to keep sticking up for Microsoft, they do nothing better than Apple or Google. They have their fair share of screw ups. Vista, Danger purchase, Kin phones...I won't even discuss the "N" word. And, you put the cart before the horse with your speculation on current or previous WP models getting any update to 10. I got a Nokia 800 that would tell you an entirely different story, stuck on 7... By the way, you still got some of those bananas from Crispin?

29. hortizano

Posts: 294; Member since: May 22, 2013

But I can't help being in love with Android... If you love something, you got to accept it with his/hers/its flaws...

37. TRUVILLE

Posts: 146; Member since: Sep 11, 2014

And that's why I only buy Google edition, Nexus, Android Wear, and Moto X products

41. mildorzalost

Posts: 143; Member since: Jun 03, 2014

Google is an asshole, bitching with Microsoft because windows have a bug and didn't fix it during 90 days, and then they have this a lot more dangerous bug and they just decided that they're not gonna fix anything... SHAME ON GOOGLE

48. elitewolverine

Posts: 5192; Member since: Oct 28, 2013

Their 'fix' as all Android apologists here will cry, is 4.4 or use Chrome.

52. Android4EveryOne

Posts: 20; Member since: Apr 19, 2014

Phonearena.com is pure trash!

53. PhillyG411

Posts: 2; Member since: Jan 09, 2015

I'll take any Android even running Ice Cream Sandwich before I'll buy any pos Apple products which are simplistic and designed for senior citizens and moms who have no clue what an OS is.

55. jviral

Posts: 4; Member since: Jan 04, 2015

Any thoughts? Well done, Peter K.! Absolute biased piece of trash article. It is an OEM issue if the new software is available but they refuse to update the device. Also, a simple fix: update your Web browser. Why don't you mention that, Peter? Convenient article in the shadow of Microsoft controversy that Google pointed out a security flaw and Microsoft refuses to patch. Interesting. Maybe a little motivation thrown Peter'$ way.