Google: Why we won't patch pre-KitKat Android WebView

Google has finally explained why it is not going to develop its own patches for WebView for Android versions 4.3 and earlier, even if it could leave more than 930 million Android devices vulnerable to attack.

The company's decision was only discovered recently, after researchers reported a new security bug in WebView to Google, only to be told that the company will not develop patches for WebView in Android versions below 4.4 KitKat. While that's two generations back in the OS, 60% of Android users - about 930 million users - are still running Android 4.3 and below.

Android WebView is a component used by developers to display web content in their apps, and it is the foundation of the built-in browser in all Android versions up to 4.3.

Although Google's decision affected nearly one billion Android users, the company had not detailed the reasons for a decision that could endanger users, nor provided advice to consumers using the older Android versions on how to stay safe.

Adrian Ludwig, Google's chief engineer for Android security, on Friday revealed that the decision was due to the complexity of applying patches to older branches of WebKit - the browser engine that was used in WebView and Chrome until Google forked WebKit into Blink for Chrome. (For the lineage of WebKit in Android's WebView and Chrome, read this summary by the security researcher Joshua Drake.)

"Until recently, we have also provided backports for the version of WebKit that is used by Webview on Android 4.3 and earlier," says Ludwig. "But WebKit alone is more than five million lines of code and hundreds of thousands of developers add new commits each month, so that in some cases applying vulnerability fixes to a 2+ year old branch of WebKit required changes in significant parts of the code and was no longer practical to do safely."

Moreover, he added, "the number of users who may be affected by legacy WebKit security problems shrinks every day as more and more people upgrade or get new devices."

Ludwig's safety advice for the 60% of users still on Android 4.3 and below is to use browsers that are updated through Google Play or browsers that provide their own content renderer. He cites the examples of Chrome, which is supported on Android 4.0 and above, and Firefox, which supports Android 2.3 and higher. In other words, do not use the native Android browser that comes with Android 4.3 and below.

Additionally, developers using WebView "should confirm that only trusted content (e.g. loaded from a local source or via HTTPS) is displayed in WebViews in their apps," he said.
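
One way an app could enforce that advice in code, as an added example that is not from the article or from Google: a `WebViewClient` that lets through only bundled assets and HTTPS content, for both navigations and subresources. The class name `TrustedContentClient` and the host `app.example.com` are hypothetical, and pinning HTTPS to a single host is an assumption that goes a step beyond the advice quoted above.

```java
import android.net.Uri;
import android.webkit.WebResourceResponse;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import java.io.ByteArrayInputStream;

/** Added example: restricts a WebView to bundled assets and one HTTPS origin. */
public class TrustedContentClient extends WebViewClient {
    // Assumption: placeholder host; replace with the origin the app actually trusts.
    private static final String TRUSTED_HOST = "app.example.com";
    // Local content shipped inside the APK's assets directory.
    private static final String LOCAL_PREFIX = "file:///android_asset/";

    static boolean isTrusted(String url) {
        if (url == null) return false;
        // Local source: bundled assets only; reject ".." so the prefix
        // check cannot be used to reach other file:// paths.
        if (url.startsWith(LOCAL_PREFIX)) return !url.contains("..");
        // Remote source: HTTPS only, and only from the expected host.
        Uri uri = Uri.parse(url);
        return "https".equalsIgnoreCase(uri.getScheme())
                && TRUSTED_HOST.equalsIgnoreCase(uri.getHost());
    }

    // Link clicks and redirects: returning true cancels the load in the WebView.
    @Override
    public boolean shouldOverrideUrlLoading(WebView view, String url) {
        return !isTrusted(url);
    }

    // Resource requests (scripts, frames, images), available from API 11:
    // returning null lets WebView fetch normally; untrusted URLs get an
    // empty body instead of being fetched.
    @Override
    public WebResourceResponse shouldInterceptRequest(WebView view, String url) {
        if (isTrusted(url)) return null;
        return new WebResourceResponse("text/plain", "UTF-8",
                new ByteArrayInputStream(new byte[0]));
    }

    /** Installs the client; call before the first loadUrl(). */
    public static void attach(WebView webView) {
        webView.setWebViewClient(new TrustedContentClient());
    }
}
```

The app should also run `isTrusted()` on any URL it passes to `loadUrl()` itself, since `shouldOverrideUrlLoading` is not invoked for loads the app starts directly.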
