What happened?
Google said it won’t fix a security flaw in old versions of Android that affects an estimated one billion phones and tablets worldwide. The vulnerability – identified by researchers at US security company Rapid7 (www.snipca.com/15050) – only exists in devices running Android 4.3 (known as Jelly Bean), which was released in 2012, or earlier versions. It was found in WebView, an element of Android used to show web pages in apps that aren’t browsers, such as when you click a link in Facebook.
Google told Rapid7 that they “generally” don’t develop fixes for bugs in versions before 4.3, and “will not be able to take action” to patch this particular flaw. The company’s decision drew widespread criticism because it leaves around two-thirds of Android devices at risk. The latest figures show that 61 per cent of devices still run Jelly Bean or earlier, while 39 per cent run its successor KitKat (4.4), or the latest version Lollipop (5.0).
What should you do?
First off, check which version of Android runs on your device. Tap the Settings (cog) icon, swipe down, tap ‘About phone’ or ‘About tablet’ (see bottom of screenshot) and look under ‘Android version’. If it shows 4.4 or higher, then you don’t need to worry.
You may also see that an Android update is available. If so, install this because it may update your device to KitKat or Lollipop. If there’s no update available, and you see 4.3 (or earlier) under ‘Android version’, you shouldn’t panic because there’s no evidence that hackers have exploited the flaw. Indeed, some security experts doubt whether hackers could use it to infect devices. But if you’ve been considering buying a new Android device, now would be a good time.
