No more updates for Android Browser, switch to Firefox – here’s why

No matter which software OS you use, it is important that you keep yourself protected from security vulnerabilities otherwise you can get hacked. Developers of the Metasploit framework, which is a penetration testing software, noticed that updates to the WebView component (the one used by Android's HTML renderer) have been discontinued for all Android versions prior to 4.4 (KitKat) and 5.0 (Lollipop). Google has thus decided to abandon lots of users with older Android devices (all 4.x versions except 4.4), even though the version of WebView in them has security vulnerabilities. Here is what you should do to harden your security.

Advertisment


In Android 4.4, the vulnerable WebView component was finally replaced with its modern successor, based on the more secure Chromium code base. But the former one, used in Android 4.3 and earlier, has had no updates for a very long time! As of this moment, at least 11 working exploits are available publicly with different attack vectors! This is not just slightly unsafe, it is very dangerous.

Combined with another flaw in Google AdWords, which allows using HTML5+JavaScript in AdSense banners, an attacker can exploit any of these vulnerabilities to successfully attack Android devices with this outdated WebView component. At this moment, malefactors are actively using the AdWords security breach to redirect AdWords traffic to their own sites. Nothing prevents them from changing the method and their goals. See the following Google support thread for more details.

So, what you can do?

Switch to Mobile Firefox on Android

firefox logo banner
While it will not protect you from third party apps which use WebView, the main app which you might be using to read the web on your mobile device is your browser. So now is a good reason to switch from the outdated default "Browser"/"Internet" app to Firefox for Android. Firefox uses its own alternate rendering engine and is relatively safe. It is getting regular updates and even supports add-ons in the mobile version. For instance, if you install the "AdBlock Plus" or "Adblock Edge" add-on, it will block AdSense on your smartphone and you will not be affected by the AdWords flaw.

You can of course choose another browser of your choice, but my recommendation is to use Firefox. You can get it from Google Play or from F-Droid.

Advertisment

3 thoughts on “No more updates for Android Browser, switch to Firefox – here’s why

  1. hryuckinnen

    Why not Chrome, dude?

    Reply
    1. Sergey Tkachenko Post author

      Chrome is bloated and slow. It is 10000 times worse than slow Firefox :)

      Reply
  2. Юрий

    How to move the address bar to bottom on my Firefox in Android?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *