One billion Android smartphone users at risk from hackers as Google kills update
Google is putting nearly one billion Android smartphone users at risk by ending security updates to one of the core components within its Jelly Bean mobile operating system.
Around 939 million Android users could fall victim to malicious hackers targeting the WebView tool used to render web pages on Android devices.
Google is yet to comment on the matter but security incident handlers at Android have responded to reports from users that it will no longer be providing patches for Android Jelly Bean - officially known as Android 4.3.
"If the affected version (of WebView) is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration," one incident handler said.
"Other than notifying OEMs (Original Equipment Manufacturers), we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch."
Security experts have been quick to criticise Google for putting two thirds of users at risk, who claim that WebView is particularly vulnerable due to software weaknesses previously uncovered.
"Taken together - the two-thirds majority install base of now-unsupported devices and the practical inability of that base to upgrade by replacing hardware - means that any new bug discovered in 'legacy' Android is going to last as a mass-market exploit vector for a long, long time," Tod Beardsley, technical lead at penetration testing software firm Metasploit, said in a blog post.
"Unfortunately, this is great news for criminals for the simple reason that, for real bad guys, pretty much everything is in scope."
Google's security policies under fire
Google has recently come under criticism for its policy of publishing details of security flaws in the software of rivals.
Microsoft said that it was ultimately customers who suffered when Google disclosed a bug in Windows as part of the Search Giant's Project Zero initiative.
Security expert Graham Cluley referred to Google's actions as "schoolyard antics", while a developer on Google's bug reporting site said that "Google was wrong with what they did".
Security researchers have also implored Google to continue support for Android Jelly Bean and other older versions of the popular mobile operating system.
"As a software developer, I know that supporting old versions of my software is a huge hassle," Beardsley said.
"However, a billion people don't rely on old versions of my software to manage and safeguard the most personal details of their lives."
© Copyright IBTimes 2024. All rights reserved.