criticized for not attacking security flaw in older devices

BY GreenBot Staff

Published 12 Jan 2015

The alarm bell is once again ringing over Android security.

A Forbes report cites security experts dinging over the company’s decision to no longer issue security updates for bView in devices running Android 4.3 (lly Bean) or lower.

bView is a key component of the Android OS that lets apps show web content inside of an app instead of kicking you over to a browser. It may be used in RSS readers or other applications that connect you to web content—it’s often more convenient to read an article or fill out a form without needing to leave the app. However, the danger is that a hacker could exploit a vulnerability in bView sneak in some malicious code, thereby infecting your device.

th KitKat (Android 4.4), bView is now based on Chromium, which powers the Chrome browser, making it more secure. In llipop (Android 5.0), unbundled bView from operating system updates, so it can get regular security patches performance improvements through ay. Chrome is a major piece of the empire, so it’s a high priority in terms of keeping things stable secure.

That’s not going to help those using an older device. However, even if did issue a patch, it would require an OS update for you to get it on an older phone or tablet. There are millions of devices out there still running lly Bean, Ice Cream Swich, or even Gingerbread. Often hardware makers cut ties with older devices, hoping you’ll buy a new one. Once pushes out an update to Android, it’s up to the phone makers to decide who gets it.

So, while there are nearly a billion users in the world who will no longer receive bKit security updates from , it’s certainly true that a huge portion of them are no longer getting OS updates at all, anyway. Thus the real impact of ‘s decision not to update bKit for pre-KitKat devices is rather hard to measure.

It looks that is taking the long view with this issue, focusing its efforts on a better method for addressing bView security than chasing flaws to make patches that wouldn’t get deployed to older phones, anyway. This latest security issue is another symptom of how large fragmented the Android ecosystem really is.

y this matters: ether it’s fair or not, Android has been pegged as the “less secure” operating system when compared to iOS. Yes there are plenty of cheap Android phones that don’t get updates are probably insecure, but by large if you stick to one of the big-br flagship devices follow good security practices you should be all right.