Google is a smart organization. It has watched the stranglehold that Apple has over its users and has decided that it likes it. Just like art imitates life, Google imitates Apple (and then says “who me?”).
The issue at hand is a bug found in the WebView rendering engine used in all Android releases prior to KitKat (4.4). That rendering engine is open source. Google replaced it with a version that uses a rendering engine developed for its Chromium project. The rub is that this rendering engine requires a licensing agreement between Google and the user (such as Samsung or LG), and the terms of that licensing agreement are distasteful to the handset manufacturers. According to ExtremeTech, some of the distasteful terms are that you don’t compete with Google (i.e. develop apps that Google also has), that you take all of Google’s apps if you want any of them, and that you agree not to create your own version of Android like Amazon has done.
For end users like you and me, this means that if you have a pre-KitKat phone, you will have to live with this bug in the rendering engine – and any others that are found – because Google says that since WebView is open source and they are no longer using it, it is up to the user (meaning either you or me, the cellular carrier or the phone manufacturer) to develop, test and deploy a fix. Fat chance! For one thing, most phones are locked down, so the end user’s ability to install a patch is limited at best; the carriers don’t have the skills to do it; and the phone manufacturers want you to buy a new phone anyway.
Apple has done similar things for years. For example, I remember a story of a user who wanted to install the new version of the Kindle software on her iPad, but even though it would work perfectly on that iPad, Apple deemed that iPad obsolete and would not provide an OS upgrade for that version, which was needed for the Kindle software to run. So the user had the choice of not running the Kindle software (since Amazon ‘killed’ the older version of the Kindle software so it would not run) or buying a new device.
In this case, about 930 million Android users will be susceptible to this and future bugs until they crush their phones (so that the problem is not just transferred to another user) and buy a new Apple or Android phone.
Apparently, there are about a dozen attack tests available in Metasploit, a popular penetration testing tool, for bugs that will not be patched. This, of course, does not count any new bugs found between now and when those 930 million phones are crushed.
So, as Rapid7 suggests, if I were a hacker, I would develop exploits for those 930 million phones knowing that those bugs are never going to be patched. A simple return on investment analysis says that the return will be huge. If those phones are used by corporate users, the corporate data is free for the taking.
Since users are locked into contracts that carry large penalties, those phones will remain active at least until the contracts expire.
In addition, as companies have rushed to “bring your own device” strategies to supposedly save money, the users have to provide their own phone to get their job done and are much less likely to fork over the dough to buy a new phone even after their contracts expire since the money comes out of their own pocket and not the company’s.
Samsung, apparently, is so upset about Google’s efforts to turn Android into a closed, licensed OS like Apple’s iOS that it is developing its own, called Tizen. When, or if, Tizen becomes mainstream is unclear, but even if it does, it now means that users will have 4 choices for phones (Apple, Android, Windows and Tizen). Developers will pick the winners and losers, and corporations will have to support yet another development environment for building apps. Glad things are so simple.
Android becoming a licensed OS is probably not a big problem for end users in the long run – they don’t really care. Apple’s iOS is licensed and it appears to be pretty popular. In the transition period, however, the users get the shaft.