This site uses cookies to improve your experience and to provide services and advertising. By continuing to browse, you agree to the use of cookies described in our Cookies Policy. You may change your settings at any time but this may impact on the functionality of the site. To learn more see our Cookies Policy.
Dublin: 5 °C Monday 16 December, 2019

Google says this Android security flaw isn't as bad as you might think

A recent report suggested that 66% of Android devices were vulnerable to a new security flaw, but Google believes the real figure is lower.

Image: AP Photo/Jeff Chiu

GOOGLE HAS RELEASED a patch designed to fix a potential security issue but claimed that it isn’t as serious as first suggested.

Security company Perception Point found an issue in the Linux kernel, the core of its Android operating system, which would have allowed attackers a way to take over a device.

It said the flaw had “implications for approximately tens of millions of Linux PCs and servers as well as 66% of Android devices“, but there was no evidence that the flaw had been exploited by anyone.

However, Google responded to the report by saying the number of devices that are affected isn’t as great as claimed, and how it didn’t have the usual 90-day window to investigate the flaw before it was publically released.

“Since this issue was released without prior notice to the Android Security Team, we are now investigating the claims made about the significance of this issue to the Android ecosystem,” said Adrian Ludwig of Android’s security team. “We believe that the number of Android devices affected is significantly smaller than initially reported”.

Android breakdown Source: Android developers

Ludwig said that both its Nexus devices and Android devices with Lollipop (5.0) or greater are safe since they are protected by SELinux (Security-Enhanced Linux), a security measure that prevents third-party apps from accessing a device’s code. That amounts to a third of all Android devices released (33.3%).

He also said that “many devices running Android 4.4 (KitKat) or earlier do not contain the vulnerable code introduced in Linux kernel 3.8,” suggesting that most Android devices are safe.

Despite that, Google has released a patch that will be implemented on newer Android devices. It’s expected to arrive after 1 March.

Read: Too many tabs open? Here’s how you can snooze them for later >

Read: Amazon says its delivery drones are ‘more like horses than cars’ >

  • Share on Facebook
  • Email this article

About the author:

Quinton O'Reilly

Read next:


This is YOUR comments community. Stay civil, stay constructive, stay on topic. Please familiarise yourself with our comments policy here before taking part.
write a comment

    Leave a commentcancel