Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

AP Photo/Jeff Chiu

Google says this Android security flaw isn't as bad as you might think

A recent report suggested that 66% of Android devices were vulnerable to a new security flaw, but Google believes the real figure is lower.

GOOGLE HAS RELEASED a patch designed to fix a potential security issue but claimed that it isn’t as serious as first suggested.

Security company Perception Point found an issue in the Linux kernel, the core of its Android operating system, which would have allowed attackers a way to take over a device.

It said the flaw had “implications for approximately tens of millions of Linux PCs and servers as well as 66% of Android devices“, but there was no evidence that the flaw had been exploited by anyone.

However, Google responded to the report by saying the number of devices that are affected isn’t as great as claimed, and how it didn’t have the usual 90-day window to investigate the flaw before it was publically released.

“Since this issue was released without prior notice to the Android Security Team, we are now investigating the claims made about the significance of this issue to the Android ecosystem,” said Adrian Ludwig of Android’s security team. “We believe that the number of Android devices affected is significantly smaller than initially reported”.

Android breakdown Android developers Android developers

Ludwig said that both its Nexus devices and Android devices with Lollipop (5.0) or greater are safe since they are protected by SELinux (Security-Enhanced Linux), a security measure that prevents third-party apps from accessing a device’s code. That amounts to a third of all Android devices released (33.3%).

He also said that “many devices running Android 4.4 (KitKat) or earlier do not contain the vulnerable code introduced in Linux kernel 3.8,” suggesting that most Android devices are safe.

Despite that, Google has released a patch that will be implemented on newer Android devices. It’s expected to arrive after 1 March.

Read: Too many tabs open? Here’s how you can snooze them for later >

Read: Amazon says its delivery drones are ‘more like horses than cars’ >

Close
8 Comments
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.
    JournalTv
    News in 60 seconds