Skip to main content

Google explains why it's not fixing web security in old Android phones


You might not be happy that Google isn't fixing a web security flaw in your older Android phone, but the search giant now says that it has some good reasons for holding off. As the company's Adrian Ludwig explains, it's no longer viable to "safely" patch vulnerable, pre-Android 4.4 versions of WebView (a framework that lets apps show websites without a separate browser) to prevent remote attacks. The sheer amount of necessary code changes would create legions of problems, he claims, especially since developers are introducing "thousands" of tweaks to the open source software every month.

Ludwig suggests a few things you can do to avoid or mitigate problems, though. For a start, he recommends surfing with browsers that don't use WebView but still get updates, like Chrome (which works on devices using Android 4.0) and Firefox (which runs on ancient Android 2.3 hardware). Hackers can't abuse the vulnerable software if you're not using it, after all. The Googler also tells app creators to either use their own web rendering tech or limit WebView to pages they can trust, like encrypted sites.

The advice should help if you're either a tech-savvy user or write apps. However, it still hints that quite a few people will remain at risk until those older releases of Android ride into the sunset. Many Android device owners aren't aware of alternatives to the stock Android browser, or can't easily get them (you have to jump through hoops to install Chrome if you can't use the Google Play Store, for instance). Also, there's no simple way to tell whether or not an app is using WebView. The chances of an attack are low if you're careful, but it could take a long, long while before the majority of Android gadgets are truly safe from WebView-related web exploits.


Source: ENGADGET

Comments

Popular posts from this blog

PRIVACY POLICY

Privacy Policy Last updated: February 20, 2024 This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You. We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy. This Privacy Policy has been created with the help of the Free Privacy Policy Generator . Interpretation and Definitions Interpretation The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural. Definitions For the purposes of this Privacy Policy: Account means a unique account created for You to access our Service or parts of our Service. Affiliate means an entity that controls, is con...

Child-friendly Galaxy Tab 3 Kids listed in Korean brochure

We're no experts in Korean back-to-school literature, but it looks as if one retailer has tipped Samsung's plans a little early. If the documents above are legitimate, then the company will launch a kiddie-focused Galaxy Tab in short order. The Galaxy Tab 3 Kids is said to be an 8.5-inch slate with a 1.2GHz dual-core CPU, a 1,024 x 600 WSVGA display, 8GB storage, 1GB RAM and Jelly Bean. The company has also seen fit to include 802.11 a/b/g/n WiFi, Bluetooth 3.0, a microSD card slot (no word on capacity) and a 4,000mAh battery. One thing that lends weight to the listing is that the device's model number is SM-T2105, which evleaks tersely described as a "Galaxy Tab for children" a month ago. There's more pictures over at the source, but not a single spec saying that this new device is resistant to jam-smeared fingers. Source: ENGADGET

So this is basically / Asi que esto es basicamente... [SPANISH TEXT]

Si amigos, basicamente la idea del blog fue introducir a todos en el mundo de la tecnologia y hacer que esta no fuera tan "compleja" o "complicada" para todos. Ultimamente no hago reviews propios, ya que me tomo la molestia de elegir buenas noticias (que considero) para su placer informativo (bueno, las visitas me dicen que lo estoy haciendo bien) Pero, y si algun dia llegase a terminar todo? Regalar el dominio? Vender el blog? Nah, muchas veces me lo he preguntado pero... por algo senti el deseo de escribirles, desde mi misma mano y tecla, porque esto es lo que me apasiona: la tecnologia, la programacion, el llevar todo niveles superiores, exponenciar mi capacidad de analisis. De esto se trata todo, esto es basicamente el alma del blog: tecnologia. Actualmente me encuentro en otra ciudad, desde hace ya 1 mes. Las cosas han estado normales, pues dentro de lo que alguien podria definir de "normal". Gracias a Dios no me hace falta lo basico, desafortunad...