Leave a comment

Google ends critical security updates for a billion Android users

I've got a scary update for Android users. Google has quietly decided to end security updates for a commonly used feature that could leave all users on Android 4.3 and below open to attack. That amounts to about 930 million users.

The feature is called WebView, and it lets apps on your gadget open Web pages without accessing another app. This is a major concern for Android users because WebView has been full of bugs in the past and is a known hacker target. WebView interacts with apps and other features on your phone, so it's a good tool for hackers looking to break into your gadget.

It’s also the favored vector for attack for nearly any remote code execution vulnerability in the mobile OS, according to Rapid7 engineering manager Tod Beardsley.

At the very least, Android 4.3 and below users should know that hackers who want to take advantage of WebView's security holes do have some obstacles to overcome.

Though the component is one of the more tempting targets for Android hackers, attackers would either have to get exploit code onto a web page displayed by a targeted app, or trick a user to follow links then rendered by WebView.

Next page: Protect your Android gadget
Check out the awesome robot toy that won CES
Previous Happening Now

Check out the awesome robot toy that won CES

See GM's new $30,000 all-electric hatchback
Next Happening Now

See GM's new $30,000 all-electric hatchback

View Comments ()