Android users on Android 4.3 or older are facing security risks to their phones and tablets after Google decided to stop delivering security updates.
Approximately 60 per cent of the world’s Android users currently use versions older than version 4.4, also known as Kit Kat.
Rapid 7, a security vendor who had contacted Google to fix security bugs associated with web page viewing component WebView, first brought the news to light.
In response to Rapid 7’s inquiry as to when a patch would be available to repair WebView’s vulnerabilities, Google responded:
“If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration.”
The response also noted that, apart from notifying OEMs, Google would not be taking action on any report “affecting versions before 4.4 that are not accompanied with a patch.”
Rapid 7’s Tod Beardsley blogged that the lack of security updates means “picking company data off of Android phones is going to be drop-dead easy” and that “handsets will be increasingly in-scope for penetration testing engagements.”
“Unfortunately, this is great news for criminals for the simple reason that, for real bad guys, pretty much everything is in scope,” Mr Beardsley wrote.
Aleksej Heinze and Alex Fenton, lecturers in Digital Business at University of Salford, suggest Google’s decision is understandable when considering the fact Android is an open-source operating system.
“This approach is contrary to Google’s competitors – Apple’s iOS and Microsoft’s Windows Phone – who develop their operating systems entirely in-house and keep tight control of their code,” Heinze and Fenton wrote on TheConversation.com.
Heinze and Fenton said Google’s decision may encourage manufacturers and suppliers to provide more software updates and reduce the devices currently using out-of-date software.
“Ultimately, the key message is that we need to start thinking of mobile devices as computers, not just phones, with all the caveats about security software, updates and precautions which that entails. This could be the tough love from Google that pushes people in that direction.”