New Android bug leaves billions of non-KitKat devices vulnerable to security threats
A recently discovered bug now puts about 60 percent of Android smartphones and tablets under a serious bit of threat. Beware, if you own a device that is running a version of Android older than Android 4.4 KitKat, you may find yourself in the danger zone.
Engineer Joe Venniz from Rapid7 and an independent researcher Rafay Baloch reported this bug. It seems to reside in the WebView of Android variants older than KitKat. What it does is that it exposes the content you view to other apps without opening another app. This can expose sensitive information on your device to the outside world. That won’t be a pretty sight now, would it?
Android versions KitKat and Lollipop remain unharmed since they use Blink instead of WebKit for the WebView component. The browser still accounts for nearly half of the traffic despite having been replaced by Google Chrome. Google clarifies that it doesn’t develop patches for old versions of WebView itself. Thus, it refused to be able to take any action to overcome this besides notifying OEMs.
Users are left with very few options. Your best bet is to update the OS further in order to eradicate the threat completely. In case that’s not possible it would be sensible to completely stop accessing apps that cannot be trusted. You can’t expect OEMs to update each and every device but Google has added more functionality in Play Store and Google Play Services. Let’s hope there’s a proper fix in the near future.