So recently Google has been getting nothing but flak from the online community in regards to an existing security issue in Android 4.x.x with the exception of Android 4.4.x (Kitkat). I’ve been watching this problem, and reading about it for the last 2-3 weeks or so.
Apparently in Kitkat Google overhauled WebView completely, and probably for a good reason. Here is a good read about it. What really surprised me is the fact that professional sites the likes of Ars and others are siding with the hardware manufacturers. Which leads me to believe and confirms my previous suspicions, these hacks know very little about technology or are getting kickbacks from companies.
First they need a lesson on Linux versioning which can be found here. The basics of it… 4.x.x denotes a major revision with new features and major updates, think Windows 7 vs Windows 8. 4.4.x is a minor revision with bug fixes and probable feature additions and fixes, think Windows Service Packs. 4.4.4. is an insignificant update generally associated with bug fixes only, think Windows Updates.
As far as I am concerned Google did their part, they updated Android 4 all the way to 4.4.4, overhauled WebView and inturn fixed what was ailing previous versions of it on Android. This practice is similar to Windows releasing service packs, going from Windows 8 to Windows 8.1. The underlying OS is the same, however some features were fixed or replaced.
I’m glad this issue is getting the light of day, because this raises a bigger problem that exists with the OEM Android hardware manufacturers, NOT with Google.
The culprits responsible for this issue are the OEMs. The Samsungs of the world. They are the ones responsible for updating their hardware with the software that Google provides them. They have Android 4.4.4 which is immune to the issue, but the problem is that the life expectancy of their devices is so short. So short that you might get one or two software revision updates if your lucky. The life expectancy of a Samsung phone is 1.5-2 years at most. The S4 is getting it’s last update this spring to version 5. I guarantee you after this the S4 will be abandoned by Samsung.
The life expectancy of a Nexus device is about 3 years. Apple does the same thing. After 3 years you can not expect an OEM to support their device anymore. The hardware tech moves so fast that is is nearly impossible to do so as well.
Yes the old version of WebView is patched via Google Play, where the new one is done via firmware updates. But I still believe that manufacturers should take responsibility and update their hardware, yet no one is screaming bloody murder in their direction. So the issue is not that google will not patch the problem, they already have. The issue is that OEMs the likes of Samsung are not willing to push software updates to their old devices. It is the OEMs