Google Stops Fixing Older Versions Of Android
By Paul Liu
Tuesday, February 17th, 2015

Google has reportedly abandoned a billion-plus Android users and left them at the mercy of hackers and cyber criminals. The Mountain View, California-based internet giant has announced that it will no longer release security patches for older versions of Android (version 4.3 or older), even if major security vulnerabilities are discovered in them. According to reliable estimates, these older versions of Android are still in use on over 60% of smartphones and tablets throughout the world.
The issue came to light when Tod Beardsley, the engineering manager at Rapid7, published a detailed blog post claiming that Google is refusing to patch a new bug discovered in the WebView component of Android version 4.3. WebView was one of the most important components of the older Android operating system: it was responsible for rendering web pages and also helped apps communicate with the internet. The WebView component also powered the old Android web browser, which was replaced with Chrome in Android KitKat.
After Beardsley reported the vulnerability to Google in mid-October, the Android team responded that Google has decided to stop issuing patches for older versions of WebView. The message also said that if the affected versions are older than 4.4, the team won’t be releasing new patches themselves, but they would consider releasing patches that are forwarded to them. The team added that, other than notifying Original Equipment Manufacturers (OEMs), it won’t be able to do anything about new bugs discovered in older versions of the operating system.
Beardsley has criticized Google’s response, calling it shocking and eyebrow-raising. Since WebView is a core component in the older versions of Android and is used by web services and apps to communicate with the internet, it is frequently targeted by criminals and hackers. By deciding not to issue patches for critical security vulnerabilities, Google has effectively opened a new and thriving market for hackers. Any new vulnerability discovered henceforth would remain around for years and could be used by criminals to target Android users who still prefer to use an older version of the operating system.
Beardsley also criticized Google for not making it clear which components of older Android operating systems are still being supported by the company. As things stand now, Google has stopped issuing new patches for the WebView component but it is open to releasing patches for other components (such as Audio Player) even for the older versions of Android. This is bound to confuse Android developers and make them reluctant to work on older versions of the operating system.
While Google’s decision to stop supporting older versions of Android is bound to shock users, it is not the only company that engages in such practices. Apple has also been accused of similar tactics in dealing with older versions of its iOS and OS X operating systems. However, unlike Google, Apple handles all security patches itself and even advises its customers to upgrade their systems when support for an older version is about to stop.