Si parla molto da alcuni giorni a questa parte del post su Google Plus del capo della sicurezza di Android, Adrian Ludwig, che ha confermato il mancato rilascio di patch per il bug WebView relativo ai modelli che arrivano fino ad Android 4.3.
Ecco quanto affermato dal diretto interessato, con relative polemiche degli utenti:
“Improving WebView and browser security is one of the areas where we’ve made the greatest progress. Android 4.4 (KitKat) allows OEMs to quickly deliver binary updates of WebView provided by Google, and in Android 5.0 (Lollipop), Google delivers these updates directly via Google Play, so OEMs won’t need to do anything. Until recently we have also provided backports for the version of WebKit that is used by Webview on Android 4.3 and earlier. But WebKit alone is over 5 million lines of code and hundreds of developers are adding thousands of new commits every month, so in some instances applying vulnerability patches to a 2+ year old branch of WebKit required changes to significant portions of the code and was no longer practical to do safely. With the advances in Android 4.4, the number of users that are potentially affected by legacy WebKit security issues is shrinking every day as more and more people upgrade or get new devices”.