Flaw in almost a billion Android Jelly Bean 4.3 devices goes unpatched

Flaw in almost a billion Android Jelly Bean 4.3 devices goes unpatched

by Pete Daniel on 22 January 2015 · 2004 views

Google is exhibiting some strange behavior of late when it comes to security of their own operating system and that of Microsoft Windows as well. Having published specific details about newly discovered vulnerabilities to versions of the Microsoft Windows operating system before giving the Redmond software company time to develop and release a patch to remedy the situation, Google itself is leaving almost a billion users vulnerable to a security flaw themselves. Worse still, there are no signs that they even plan to plug the security hole or arrange for others to do so either.

1 full Flaw in almost a billion Android Jelly Bean 43 devices goes unpatched

Jelly Bean Flaw That Doesn't Taste Great

The issue resolves around Android 4.3 Jelly Bean which having been first released in 2012 is still 60 percent of the Android user base presently. Whilst Android phones are often replaced more quickly due to the destructible nature of smart phones that go everywhere with us and can be lost, stolen or dropped early into their short life, this is unlike PCs which can have a shelf life lasting half a decade or even longer is some cases.

Budget Phones Sold With Older Mobile OS

However, budget smart phones are still being sold with older versions of Android either because it is cheaper for the phone manufacturer to supply it or because the lower-powered hardware simply doesn't support the latest Android version. Because of this older Android versions will still be used perhaps longer than one might initially expected.

WebView Flaw in Android 4.3 Jelly Bean

3 large Flaw in almost a billion Android Jelly Bean 43 devices goes unpatched

The flaw in Android 4.3 Jelly Bean revolves around WebView which is a core component of Android which helps the operating system display web pages successfully. The flawed WebView component is used by over 900 million users given the 1.56 billion estimated phones with a version of Android OS (according to Gartner figures) of which fully 60 percent still use Jelly Bean 4.3.

Updating to Resolve Security Issues

The situation is a little different to a PC that is running an older version of Windows software because the user can often choose to upgrade their operating system to a newer version. Some newer versions of Windows will present problems as often hardware and peripherals will not be compatible or fail to have software drivers that will let them work on the newer Windows version. However, usually users can still update to the next version along even if they cannot buy the latest Windows operating system for their existing hardware.

In the case of Android, most manufacturers supply their own OS skin (such as TouchWiz from Samsung) which goes over the top of plain vanilla Android. Only if the smart phone hardware manufacturer bothers to update their skin implementation to make it compatible with a newer Android version like Android 4.4 KitKat can users possibly upgrade. This only happens if the hardware manufacturer then offers the software upgrade via the Android updating process. Few hardware manufacturers update older phones and many are slow to even update their state of the art phone models. This presents smart phone owners with the problem of not being able to upgrade their way out of security flaws and problems with older versions of mobile OS software.

Four Year Old Android Jelly Bean 4.3 No Longer Supported By Google

For these reasons, it is unusual that Google do not feel that it is their responsibility to ensure core components used in their own mobile operating system are updated. A version of Android that is barely even 4 years old should not yet be on the list of software that it no longer supports, and yet, it is. It is fair to say that buyers of budget model smart phones with older an Android OS installed are not aware that they may be hung out to dry by the search giant when software updating becomes too much like hard work.

Google needs to do better if they wish to win over converts from Apple who do a good job of updating their iOS mobile operating system and ensuring that it works on multiple iPhone handsets going back several years.

Comments (0)
Featured Articles