Android bug leaves nearly one billion handsets vulnerable

A security vulnerability that affects nearly one billion Android handsets has been outed by a security expert.

Tod Beardsley, an analyst with Rapid7, claims that all Android versions below Android 4.4 KitKat are affected by the issue, as reported by BGR.

This puts the total number of at-risk devices at somewhere around 939 million. Ouch.

So what’s actually gone wrong? Well apparently the issue is with Android WebView, a core bit of software for older versions of Android.

In short, it lets apps show web pages without having to open a completely separate application.

According to Beardsley, this is what makes the bug particularly potent – WebView interacts with other apps, leaving all of them potentially vulnerable.

Fortunately, anyone running KitKat or later won’t need to worry about this issue because Google replaced WebView completely.

What’s unfortunate however is that somewhere around 60 per cent of Android devices are running Jelly Bean or below.

Lollipop, which is the latest version of Android, touts an OS version share of less than 0.1 per cent.

Slow and fragmented OS updates mean that unlike Apple’s iOS userbase, many Android users are left using very old operating systems that can often be susceptible to newer exploits.

Related: How to switch from iPhone to Android: A simple guide to going Google

So why has Google left the bug open? Beardsley explains: “Maintaining support for a software product that is two versions behind would be fairly unusual in both the proprietary and open source software worlds.”

“On its face, this seems like a reasonable decision.”

The best thing to do if you’re worried about this bug is update your handset to Android 4.0 or higher, circumventing the issue entirely.