All You Need to Know About Android System WebView


Google has stopped providing security patches for the WebView component in Android Jelly Bean and earlier versions. On Jan 12, 2015, independent researcher Rafay Baloch (of Rafay’s Hacking Articles) and Rapid7’s Joe Vennix, who have been pen testing Android’s WebView, reported 11 security exploits. These 11 exploits affect Android 4.3 and earlier, along with apps developed for those versions.

A group of researchers emailed Google about these flaws, and Google replied:

“If the affected version [of WebView] is before 4.4, we generally do not develop the patches ourselves, but welcome patches with the report for consideration. Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch.”

So let’s find out what WebView is and what Jelly Bean users must do to minimize the chances of exploitation.

What is Android System WebView?

If you browse on your smartphone with anything other than Google Chrome or Firefox, you are probably using Android WebView.

WebView is the core component used to render web pages on Android devices. In Android 4.4 KitKat it was replaced with a more recent version based on Chromium, which the popular Chrome browser also uses. In Android 5.0, WebView was split out into a separate app so that Google can deliver security patches directly from the Google Play Store. In earlier versions, patching WebView required a firmware update. From Android Lollipop onward, if a security patch is needed, Google can push it as an app update over the Play Store.

Why stop fixing?

The main reason Google withdrew support for older versions is that fixing these flaws would cost Google whole new firmware builds. Instead of fixing the old code again, Google encourages users to upgrade to the newer desserts. Google is still willing to apply a patch if someone submits one. Even then, this is only possible with the support of OEMs, as they need to push the fixes to all their older devices. Modernisation is inevitable, and hence these fixes are ignored. After all, things need to move on.

What should Jelly Bean and earlier users do?

According to Metasploit, a good share of users are still on Android Jelly Bean, and it will take about 2 years for that share to shrink noticeably. Some developers believe Google has already fixed those security flaws, and the name of this clever fix is Android 4.4 KitKat. So if you are still on Jelly Bean, these are must-follow tips if you don’t want to get exploited.

  1. Update your apps to the latest versions
  2. Use the Chrome or Firefox browser
  3. Uninstall all 3rd party apps
  4. Only install apps from trusted developers
  5. Never browse on the native app browser (link defaults to Chrome browser)

For everyone else, don’t just relax on your couch. Keep the latest version of Android System WebView on your device, because we never know what fixes are still to come for KitKat or later versions. For now, stick with Google and install the latest WebView updates.

So what do you think about Android WebView? Is Google right to ignore such issues, or must it fix them ASAP? Share your views in the comments below.

  • TheIronRod

    Many YouTube videos referencing Android System Webview are Hindu. Type in Indian Scammers in the YouTube search and you’ll see what makes the app Android System Webview suspect. I’m not pointing fingers or trying to be presumptuous …. it’s just an observation.

  • GD Scoggins

    Android Webview is a piece of shit whose current update crashes my native email app on an HTC One M8. I uninstall back to the factory version only to have the damn thing push its update back again that night. This has been going on for weeks and I’ve finally disabled the damn thing. If that causes issues or exploits, I’ll just put a hammer thru an otherwise stellar phone and jump ship to the fruit phone brigade. Android can kiss my pissed off and now unfunctional ass if they keep installing these time bomb apps just to force us into buying the next damn generation of a device.