Surveillance Agencies have so much in common with Google, now-a-days. A little cynical thought, but Google is proving themselves as one of the companies that do not care much about their user’s security.

Google has been the front-runner in the security department. They not only keep their products free from bugs, but also participate in other major software security. Now, they have left a big bug that needs to be fixed. The Android Operating System that become faulty in their WebView component that is used to render web pages.

From my own working experience with WebView, they are the integral part of the Android Operating System and need special attention from the Google Security System. This is not the first time Google has caught napping in their efforts to protect their products and services from being hacked. The biggest case that goes against Google security strategies is the penetration of NSA in their secure system, stealing tons and tons of secure data from their datacenter.


The current situation is worse because of the number of below Android 4.4 Kitkat users. The bug was first reported by Rapid7′s Tod Beardsley who warned that the security bug can be fatal for the Android users who are using versions below Android 4.4. When we take the number of Android Users across the world and count them according to statistics, the security bug looks more severe. The impact can be more than expected and ultimately the users will be hampered.

Google Response

Google has at least acknowledged the security bug. Even after knowing the severity of the security disease, they are not offering a real fix for the issue. The only right part of Google in the whole scenario is accepting third-party patches for the devices.

In support of the work of third-party patches, Google releases the following statement, “If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration”. They also added, “Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.”


So, Why Google is not patching the security bug? There can be many reasons, but the core reasons suggest that the security bug is buried deep in the Operating System. And to kick-start the updates for the OS, they have to start releasing OS updates with the OEM’s that will cure the security bug. The massive impact of the security bug can be gauged by the scale of the OS update Google need to fix the security bug.

Earlier attempts to patch core OS bugs were neither timely or successful and this can be good news for hackers who are trying to steal information from your computer.

The Android 4.4 and above version users will not be affected by the security bug as WebView is not the core component of the Operating System. Furthermore, Google Play Services, Apps find themselves in safe place as they can be updated easily without the interference of OEMs and Carriers.

 

 

  • Share/Bookmark