ID: IRCNE2015012409
Date: 2015-01-26
According to “CNet”, People with Android smartphones and tablets running older versions of the mobile operating system -- around 60 percent of all Android users -- are going to have to live with a security flaw Google has decided not to fix.
A known security bug in the default, unbranded Web browser for Android 4.3 Jelly Bean and older versions of Google's mobile OS will go unpatched, Google's chief of security for Android wrote in aGoogle+ post on Friday.
"Keeping software up to date is one of the greatest challenges in security," Adrian Ludwig wrote. Because the browser app is based on a version of the WebKit browser engine that's now more than two years old, fixing the vulnerability in Android Jelly Bean and earlier versions is "no longer practical to do safely," he wrote.
Google confirmed on Saturday that Ludwig's post is the company's official position on the matter.
The company's decision has upset security experts, who worry hackers will be able to easily target the hundreds of millions of people using phones and tablets that run older versions of Android. Ludwig contends the number of people potentially affected by the vulnerability is "shrinking every day." But for security professionals, it's just not shrinking fast enough.
According to Google's own Android usage numbers, 39.1 percent of its smartphones and tablets run a newer, unaffected version of Android: 4.4 KitKat. The most recent version of the operating system, Android 5.0 Lollipop released in November, makes up less than one-tenth of 1 percent of Android devices in use. That means about 60 percent of Android devices run versions of the OS that included the susceptible browser by default.
Ludwig recommends people on Android 4.3 or older use a different Web browser. He suggests Google Chrome, which works on Android 4.0 Ice Cream Sandwich and newer, or Mozilla Firefox, which works on Android 2.3 Gingerbread and newer.
- 2