Android bug leaves nearly one billion handsets vulnerable

A security vulnerability that affects nearly one billion Android handsets has been disclosed by a security expert.

Tod Beardsley, an analyst with Rapid7, claims that all Android versions below Android 4.4 KitKat are affected by the issue, as reported by BGR.

This puts the total number of at-risk devices at somewhere around 939 million. Ouch.

So what’s actually gone wrong? Well, apparently the issue is with Android WebView, a core software component in older versions of Android.

In short, it lets apps show web pages without having to open a completely separate application.

According to Beardsley, this is what makes the bug particularly potent – WebView interacts with other apps, leaving all of them potentially vulnerable.

Fortunately, anyone running KitKat or later won’t need to worry about this issue because Google replaced WebView completely.

What’s unfortunate, however, is that somewhere around 60 per cent of Android devices are running Jelly Bean or below.

Lollipop, which is the latest version of Android, touts an OS version share of less than 0.1 per cent.

Slow and fragmented OS updates mean that, unlike Apple’s iOS userbase, many Android users are left using very old operating systems that can often be susceptible to newer exploits.

So why has Google left the bug open? Beardsley explains: “Maintaining support for a software product that is two versions behind would be fairly unusual in both the proprietary and open source software worlds.”

“On its face, this seems like a reasonable decision.”

The best thing to do if you’re worried about this bug is update your handset to Android 4.0 or higher, circumventing the issue entirely.
