Google Gives WebView the Cold Shoulder

 

 

 

Google has decided not to fix vulnerabilities in WebView for Android 4.3 and older, sparking heated discussions among developers.

Those versions of WebView run on the WebKit browser. Fixing them "required changes to significant portions of the code and was no longer practical to do so safely," Adrian Ludwig, lead engineer for Android security, explained last week in a post.

Ludwig recommended steps users and developers can take to mitigate the potential exploitation of WebView vulnerabilities without updating to Lollipop, or Android 5.0.

The decision will leave 930 million users of Android devices in the lurch, Tod Bearsley warned earlier this month.