Updating mobile web browser
This problem is fixed in Android 4.4 and 5.0, but more than 60 percent of Android devices are stuck on devices that won’t receive any security fixes. Manufacturers put out a huge number of different phones and modify the code extensively.
This is a dirty hack around the rotting browser code in Android itself.
Really, Google sees updating devices to Android 4.4 as the fix, and device manufacturers should be working on that instead. Building the browser deep into the operating system so it can’t be quickly updated to fix security holes was a terrible decision, and we can only be thankful they’ve now changed the way modern versions of Android work.
Device manufacturers and cellular carriers deserve a lot of the blame for not updating devices promptly.
It’s a pretty crazy recommendation, but developers may actually want to consider this — especially if security is particularly important to the app. Well, we haven’t heard of anyone exploiting it yet.
But Google’s clear signal that 60 percent of all current Android devices won’t be receiving browser security patches has surely been welcome to attackers.
The browser engine is used in every Android app that uses an embedded web browser, known as a “Web View.” This built-in browser is based on an old version of Web Kit, and a serious flaw was recently discovered in it and reported to Google.