Google policies on bug-fixing older Android code viewed as security risk
For PC users, this week marks an important date, as Microsoft’s mainstream support for Windows 7 ends. Even with no new features being delivered, security updates for the platform will continue for the next five years – not too shabby, especially for a platform that’s already as old as it is. Can smartphone users expect the same kind of support for their mobile operating systems? Not with Google, apparently, as security researchers clash with the company behind Android over willingness to address security holes in widespread, but aging software.
The issue at hand is the old Android default browser, back before Chrome became king. Even though Google may not be continuing to develop that old browser any longer, there are still significant numbers of users on devices running older versions of Android, and correspondingly, still using that default browser.
While Google had been accepting bug reports on browsers issues in the past, it’s apparently stopped delivering fixes. One dev was told this past fall that Google generally wouldn’t patch any vulnerabilities for the browser affecting devices running Android 4.3 or earlier. Instead, the company seemed to pass the buck, only offering that it would make reports of such vulnerabilities available to its partners.
The end result of all this is that users of older Android phones may find themselves using software with known security vulnerabilities that go unpatched, potentially leaving themselves open for attack.
The question of where blame and responsibility lie here is a complicated one. Should OEMs be updating these old phones to newer versions of Android? Should the users themselves just buy newer devices? Does Google owe it to its users to keep them secure for years to come, like Microsoft does with its desktop users? We don’t have easy answers, and all we can suggest is to remain vigilant yourself, taking whatever steps you can to make sure that your software’s as up-to-date as you can get your hands on.
Source: The Wall Street Journal