Android Jelly Bean (4.3) might be a bit long in the tooth now, but the version still accounts for almost 60% of Google’s Android install base. Lollipop might be the latest and greatest version of Android, but the vast majority (like 95%) of hardware does not run on it –– but some things never change.
Running older software is fine. Not ideal, but usually it’s harmless. A new exploit has been discovered in Jelly Bean, however, and questions have now been asked about what Google intends to do about it. Oddly, the Big G plans to do nothing other than make its hardware partners aware of the problem.
Todd Beardsley, concerned about almost 1 billion people being affected by this exploit, got in touch with Google to solicit some answers. Beardsley spoke to the Android security team, and they told him in no uncertain terms the following:
“If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.”
The flaw affecting Android Jelly Bean exists in WebView, which is a core component used in rendering web pages, and –– according to some reports –– it could affect almost one billion Android users globally.
“There are roughly 1.56 billion phones with Android on them, and if 60% are running the now non-supported version of Android, that means roughly 930 million phones are now vulnerable,” reports Neowin.
Google is implying it is up to its hardware partners to sort this mess out, but seeing that Android Jelly Bean is only three years old one could argue that Google has an ethical responsibility to fix this. At least, that’s our take on the situation.