Google executive Adrian Ludwig in his Google+ post has revealed that they are aware of vulnerability in Android 4.3 Jelly Bean’s default browser; but surprisingly are not working to fix it.
Most used Android’s version of Jelly Bean vulnerable to hacking?
Android 4.3 Jelly Bean still remains the mostly used Android version; with 60 percent of Android users still running Android 4.3 or lower versions compared to 39.1 user running Android Kitkat 4.0 and a meager 0.1 percent running the latest Android 5.0 Lollipop which was only launched last November.
Ludwig, Android chief of security revealed in his Google+ post that they are aware of the bug in the unbranded default browser of Jelly bean, but Google is not looking to fix it. Rather, he suggested users either to upgrade to latest versions for sake of security or to use a different browser like Google Chrome or Firefox. Justifying their view, Ludwig said that the browser app was designed on legacy Webkit browser engine; working on WebView bugs on Android 4.3 was practically unfeasible.
Is Google backstabbing?
Well though it would be harsh to term this as backstabbing, Google did confirm that Ludwig has represented their official approach.
What does it mean for the average Android user? It means, hackers can expose the bug on the huge number of devices running Jelly bean 4.3.While Ludwig argued that number of users running Jelly Bean is on the fall each day, still many users are feeling left behind.
Ludwig has suggested either upgrading the OS or using a different browser. But, does it provide the best case solution? Probably not. While Lollipop 5.0 loaded Nexus comes with a price tag of $649.99, the ones running older Android versions’ price hover around less than half that amount. Simply switching the browser comes with an inherent problem; being default browser, the unbranded browser opens whenever any link clicked. Experts are of the opinion that updating old codes is a realistic problem for Google and they have gone for the most practical solution to address the vulnerability.
What are your views on the vulnerability?
Jelly bean default Android browser vulnerable to hacking; Google not to fix