Google stops patching core Android component in 60% of devices
Google has stopped patching a core component of Android in versions older than v. 4.4, aka “KitKat,” a security researcher said today, as he urged the company to reconsider the policy that could leave more than 60% of all Android users vulnerable to future attacks.
On Monday, Tod Beardsley, the engineering manager at security vendor Rapid7, claimed that Google’s security team said they would not craft fixes for flaws in WebView for Android 4.3 and older. Android 4.3, the predecessor to KitKat, is better known as “Jelly Bean.”
WebView is a core operating system component that powers the stock Android browser included with Jelly Bean — Google replaced that browser with Chrome in KitKat — and is called by apps that display a Web page in KitKat and earlier. (A much-changed WebView was spun out of the operating system as of Android 5.0, aka “Lollipop.”)