A major security flaw has been found in Android, Google's phone software.
The bug could allow hackers to gain control of a device if the user is running an old version of the software.
However, the search giant has come under fire for saying it will not address the issue - which experts say could leave up almost a billion users vulnerable.
The flaw is in WebView, a component used to render web pages on an Android device inside an app that's not necessarily an Internet browser, which affects all Android versions before Android 4.4 KitKat.
Android 4.4 and 5.0, are unaffected.
However, around 60 percent of Android users are using 4.3 or below, and are at risk
'If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration,' said Google.
'Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.'
Rapid7's Tod Beardsley discovered the security bug, and Google's response, which he described as 'some eyebrow-raising news.'
WebView is used in about 930 million Android devices, Beardsley said.
'Unfortunately, this is great news for criminals for the simple reason that, for real bad guys, pretty much everything is in scop,' he said.
He called for Google to take action.
'As a software developer, I know that supporting old versions of my software is a huge hassle.
'I empathize with their decision to cut legacy software loose.
'However, a billion people don't rely on old versions of my software to manage and safeguard the most personal details of their lives.
'In that light, I'm hoping Google reconsiders if (when) the next privacy-busting vulnerability becomes public knowledge.'
Beardsley told ZDNet that he learned of the policy change last October and suspects it coincided with the release of Android 5.0 Lollipop, the klatest version of Google's Android software..
'It's important to consider that there is no published end-of-life or end-of-support policy from Google with regard to any version of Android.
(dailymail.co.uk)
ANN.Az
Follow us !
