Google Inc. Not Fixing WebView Loophole

It was revealed last month that a small, but still dangerous, security loophole existed in the WebView feature that is an inherent part of all versions of Android. Now, it has been confirmed that Google Inc. (NASDAQ:GOOG) will not fix the loophole at all, at least not on the version of Android OS before 4.4. That means, over a billion people are currently at a security risk while using their smartphones.

WebView has been an intricate part of Android OS for quite some time now; the feature allows users to open up webpages within applications on their smartphones without being redirected to an external internet browser. This offers some convenience to the users; however it is not enough to outweigh the risk the feature poses at large.

The feature has required regular security updates to keep away hackers and malicious attackers from exploiting the security loophole the feature innately possesses ever since its conception. However, now that Google Inc. has confirmed the news of the abandonment of its responsibility to provide security patches to the WebView feature, almost a billion users of the Andorid OS all over the world are now at risk.

Android

However, Google Inc. seems to be justified in withdrawing this way, according to Tod Beardsley, a software developer at Rapid7. According to him, it is “a huge hassle” to go back to previous versions of the operating systems to cater to their needs when newer version demands all the attention of the developers. It is the only logical way forward for Google Inc., according to Beardsley.

But, Beardsely also recognizes the grave situation Google Inc. has created for over a billion users of the Android OS.

Beardsley argues he may withdraw from the maintenance of the software that he builds if it becomes a hassle for him, but he can only rightfully do so because “a billion people don’t rely on old versions of [his] software to manage and safeguard the most personal details of their lives.” In case of Google Inc. and Android OS, this is a liberty the company cannot enjoy simply because of the magnitude of the harm it would cause to the majority of its user base.

Hence, Beardsley hopes Google Inc. will reconsider its decision. Though, legally, such a move is not actionable in the court of law if harm does arise by such abonnement, as Google Inc. never promised its customers any end-of-life agreement with the End-User agreement users agree to with the use of the Android OS. However, it does affect the trust Google Inc. has built over the years with the Android OS. Users will be wary of storing important personal data on their smartphones running Android now, as Google Inc. may very well stop supporting the Android KitKat 4.4 any day now to shift its attention entirely to the latest Android 5.0 Lollipop.

It is unlikely Google Inc. (NASDAQ:GOOGL) would be moved by the distress call of the majority of Android’s user base. The company, in all probability, is waiting for the time the majority would shift to the latest versions of the Android. However, such a time-gap between the transition from old to new Android versions and the progression of Android versions at Google Inc.’s end may always exist. Google Inc. must consider this fact as well.