Spying Agencies are taking over the world, Android is breaking the news and more. But, do Google care about their user base? The answer can be tricky, as on one side, they are trying to reform surveillance and on the other hand they are failing to fix one billion Android device that can be fatal to the user base.
We try to find the answers by revealing some of the facts surrounding the whole fiasco.
We see Google as the leader in creating the web and revolutionize everything around us. They have come up with Google CardBoard, the Autonomous Google Car and more. But, How can they fail in securing millions and billions of smartphones around the world?
The Android Bug affecting billions of device
The Android bug is in the WebView Component that is used to create web pages on Android Device and this Android bug affects all devices that are running Android OS below 4.4 KitKat. According to the Google Security Team, the WebView component is an integral part of the OS core and that’s why it is tough to solve the issue.
Google was caught hands down with similar failures in the past, one being NSA penetrating their servers stealing tons of user information. The story of WebView bug came into light when Rapid7’s Tod Beardsley first found it and reported to the Google Security team. The impact of the bug can be massive taking the fact in mind that they are there are billions and millions of Android device that are running android version below 4.4.
Google Response to the Fiasco
The good part of the fiasco is that they have not hesitated to acknowledge the bug, but they also mentioned that they are stuck in releasing a fix for the Android device that are infected with the bug. They have also mentioned that they will allow 3rd party security team to fix the bug and deliver the fix to the Android device all over the world.
“If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration”.
“Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.”
The real reason, why they are not able to patch the bug is the severity of the bug and it is not possible for Google to ship the security fix to billions of devices all over the world. Another obvious reason is the place of WebView component in the OS. According to Google, updating the core is not an easy task.
Google’s past experience with fixing huge scale security bugs has not been successful and that can be bad news for the Android users all over the world. The only fix is to update to Android 4.4 or above. The reason is simple; WebView is not a component of Core OS and security fixes will be released for Android 4.4 and above.
Do You Have anything to add to the story? Comment below!