Dear Valued Visitor,

We have noticed that you are using an ad blocker software.

Although advertisements on the web pages may degrade your experience, our business certainly depends on them and we can only keep providing you high-quality research based articles as long as we can display ads on our pages.

To view this article, you can disable your ad blocker and refresh this page or simply login.

We only allow registered users to use ad blockers. You can sign up for free by clicking here or you can login if you are already a member.

Use Android 4.3 Or Older? Google Inc (GOOGL) Has Just Abandoned You

Google Inc (NASDAQ:GOOGL), overseer of the world’s largest mobile operating system, has just abandoned more than 930 million Android users and left them and security researchers to fend for themselves in case hackers exploit a particular core component of Android.

Affected in this issue are users of Android 4.3 Jelly Bean or older, according to Tod Beardsley of Rapid7, an IT security company. In other words, most Android users are affected after Google Inc (NASDAQ:GOOGL) silently killed future security patch support for WebView, the core Android component in question.

WebView enables applications to display websites inside apps without initiating another application (normally an internet browser application). WebView is also a favorite attack route for hackers as it provides the possibility of remote code execution in Android.

In Android 4.4 KitKat, Beardsley said that WebView was replaced by a Chromium-based version. This version essentially separated the component from the Android operating system and made it updateable via Google Play. The problem is, with Android 4.3 and older, it’s still bundled with the operating system and cannot be updated via the Play Store.

Beardsley said that when his colleague Joe Vennix and independent security expert Rafay Baloch reported an exploit with pre-Android 4.4 WebView, Google responded essentially saying they are not developing WebView patches for Android 4.3 or older anymore.

“If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch,” Beardsley quotes the incident handlers at replying in an email.

Beardsley added that the incident handlers at the technology giant also said, “If patches are provided with the report or put into AOSP we are happy to provide them to partners as well.”

Google, Android, 4.3 Jelly Bean, 4.4 KitKat, 5.0 Lollipop, WebView, security, hackers, exploits, security vulnerabilities, is GOOGL a good stock to buy, security patches,

What this means is that if a WebView exploit is found on a device running on Android 4.3 or an older version, Google will only send out a patch if it is reported and if the security researcher or a phone manufacturer comes up with the very solution for the problem.

The decision to end security patches for Android 4.3 or older makes sense, Beardsley said, since Jelly Bean is, after all, two versions away from the most recent Android Version which is 5.0 Lollipop.

However, he also pointed out Google’s own data which shows that Android 4.4 KitKat accounts for just 39.1% of all Android users out there. Lollipop is not yet even included in Google’s tables and the security researcher said that it’s just 0.1% of the whole Android populace. That means affected by this silent change in Google’s policy which may be harmful are over 60% of Android users, or over 930 million users.

The danger is only heightened by the fact not every smartphone will have the opportunity to be updated to the latest version of Android. Manufacturers with the help of carriers can update every handset they release to the latest Android version, but we know that does not happen at all as they only often update their latest phones.

Users can also do it themselves but that is a fairly complicated process for the average user. Even more complicated for the average user will be to comb through open source Android repositories, or do their very own digging to discover vulnerabilities, and come up with patches themselves. That’s virtually impossible for the average user who also will not commit that much time to WebView.

So thanks, Google Inc (NASDAQ:GOOGL). Thanks a lot.

Shareholders of Google Inc (NASDAQ:GOOGL) includes Boykin Curry’s Eagle Capital Management which reported owning 790,560 Class A shares by the end of September. Valued then at about $465.17 million, it accounted for 1.79% of the firm’s whole portfolio. It also owned 844,221 Class C shares in the web giant by the end of 3Q2014.

Disclosure: None

Biotech Stock Alert - 20% Guaranteed Return in One Year

Hedge Funds and Insiders Are Piling Into

One of 2015's best hedge funds and two insiders snapped up shares of this medical device stock recently. We believe its transformative and disruptive device will storm the $3+ billion market and help it achieve 500%-1000% gains in 3 years.

Get your FREE REPORT and the details of our 20% return guarantee today.

Subscribe me to Insider Monkey's Free Daily Newsletter
This is a FREE report from Insider Monkey. Credit Card is NOT required.
Loading Comments...

Thanks! An email with instructions is sent to !

Your email already exists in our database. Click here to go to your subscriptions

Insider Monkey returned 102% in 3 years!! Wondering How?

Download a complete edition of our newsletter for free!