A couple of weeks ago, we had heard that there was a web security flaw discovered in older Android smartphones. Naturally with the flaw discovered you would have thought that Google would jump on it and issue a fix ASAP, but they didn’t. Understandably some of you guys might be disappointed but Google has since offered an explanation as to why.
According to Google’s Adrian Ludwig, it is apparently not “safe” to patch pre-Android 4.4 versions of WebView, which is basically the framework that allows apps to display websites without the need for a separate browser. Ludwig also points out that the amount of code Google would have to comb through – 5 million lines of code for WebView alone – would take too long.
That and the fact that the number of users actually affected by legacy WebView is starting to shrink these days as more handsets are released with newer builds on Android already installed on them. However Ludwig does acknowledge that there could be some users of older Android builds around and has issued some guidelines on how to protect yourself.
“Using a browser that is updated through Google Play and using applications that follow security best practices by only loading content from trusted sources into WebView will help protect users,” says Ludwig. In any case hopefully with these guidelines, users of older Android devices can find a way to protect themselves, at least until they upgrade, but in the meantime are you satisfied with Google’s answer?