If You Have An Android Phone With Android 4.3, You’re Out Of Support
This has got to suck for Android users.
Recently, an exploit has been uncovered in the WebView component of Android 4.3, which by any reasonable estimate is run by roughly 60% of the Android install base. The kicker is that Google is saying that they will not patch the flaw. Google’s only reasoning seems to be that they are not fixing vulnerabilities in 4.3 (introduced in June 2012) anymore, as they have moved focus to newer releases. It would appear that over 930 million Android phones in use are out of official Google security patch support, which means that if you can’t upgrade to a newer Android OS, you are screwed. Here’s what Rapid7 had to say:
Google’s reasoning for this policy shift is that they “no longer certify 3rd party devices that include the Android Browser,” and “the best way to ensure that Android devices are secure is to update them to the latest version of Android.” To put it another way, Google’s position is that Jelly Bean devices are too old to support — after all, they are two versions back from the current release, Lollipop.
On its face, this seems like a reasonable decision. Maintaining support for a software product that is two versions behind would be fairly unusual in both the proprietary and open source software worlds; heck, many vendors drop support once the next version is released, and many others don’t have a clear End-Of-Life (EOL) policy at all. (An interesting side note: neither Google nor Apple have a published EOL policy for Android or iOS, but Microsoft and BlackBerry provide clear end of life and end of sales dates for their products).
Now, I completely understand why Google might want to constrain their development efforts, especially since Android is so fragmented, with each vendor taking the base Google Android OS of the day and doing their own thing. But not publishing it to their users nor fixing a bug that is kind of serious is a #fail. Thus Android users should prepare to get “Pwned” and “Pwned” often.
This entry was posted on January 12, 2015 at 11:16 pm and is filed under Commentary with tags Google.