Advertisement

No more updates for Android Browser, switch to Firefox – here’s why

No matter which software OS you use, it is important that you keep yourself protected from security vulnerabilities otherwise you can get hacked. Developers of the Metasploit framework, which is a penetration testing software, noticed that updates to the WebView component (the one used by Android's HTML renderer) have been discontinued for all Android versions prior to 4.4 (KitKat) and 5.0 (Lollipop). Google has thus decided to abandon lots of users with older Android devices (all 4.x versions except 4.4), even though the version of WebView in them has security vulnerabilities. Here is what you should do to harden your security.

Advertisеment


In Android 4.4, the vulnerable WebView component was finally replaced with its modern successor, based on the more secure Chromium code base. But the former one, used in Android 4.3 and earlier, has had no updates for a very long time! As of this moment, at least 11 working exploits are available publicly with different attack vectors! This is not just slightly unsafe, it is very dangerous.

Combined with another flaw in Google AdWords, which allows using HTML5+JavaScript in AdSense banners, an attacker can exploit any of these vulnerabilities to successfully attack Android devices with this outdated WebView component. At this moment, malefactors are actively using the AdWords security breach to redirect AdWords traffic to their own sites. Nothing prevents them from changing the method and their goals. See the following Google support thread for more details.

So, what you can do?

Switch to Mobile Firefox on Android

firefox logo banner
While it will not protect you from third party apps which use WebView, the main app which you might be using to read the web on your mobile device is your browser. So now is a good reason to switch from the outdated default "Browser"/"Internet" app to Firefox for Android. Firefox uses its own alternate rendering engine and is relatively safe. It is getting regular updates and even supports add-ons in the mobile version. For instance, if you install the "AdBlock Plus" or "Adblock Edge" add-on, it will block AdSense on your smartphone and you will not be affected by the AdWords flaw.

You can of course choose another browser of your choice, but my recommendation is to use Firefox. You can get it from Google Play or from F-Droid.

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!

Advertisеment

Author: Sergey Tkachenko

Sergey Tkachenko is a software developer who started Winaero back in 2011. On this blog, Sergey is writing about everything connected to Microsoft, Windows and popular software. Follow him on Telegram, Twitter, and YouTube.

3 thoughts on “No more updates for Android Browser, switch to Firefox – here’s why”

Leave a Reply

Your email address will not be published.

css.php
Using Telegram? Subscribe to the blog channel!
Hello. Add your message here.