So the bug is only for a browser that isn't supported by Google? No surprise that it hasn't been patched. If security is such a big deal to a user they should use a browser that is supported by a strong development team. Firefox and Opera Mobile work fine on low end phones.
But still a browser that was created by Google and was bundled with the OS until 12 months ago, never mind how long it takes OEMs to roll it out. Android <=4.3 accounts for 75% of Android users:
Just because Google decided not to support it any more doesn't mean they shouldn't. Pointing out Firefox and Opera is all very well, but this is the default browser on Android <=4.3, and very few users explore alternative browsers (Chrome being the exception, to a point).
It's also the browser engine used in embedded webviews, don't forget.
Could they update it, though? I thought part of the reason they went to Chrome is that the AOSP browser is baked into the OS and so not updateable without updating the whole OS. So to patch it, they'd have to update the OS, but if you're doing that, then why not just move to the latest OS, which is already fixed?
Chrome only supports Android 4.0+ (Ice Cream Sandwich), so people with older Android devices don't have that choice. OTOH, Firefox supports Android 2.3+ (Gingerbread). Mozilla only recently dropped Froyo support.
They can update the "Android Browser" app, but the flaw is in a system level component (the Android WebView). They might be able to mitigate the flaw with an update to the app, but all other applications (including any OEM shipped browser that utilises the system web view) would still be vulnerable.
Alt browsers are often the first app the people download.
Which people? I'll grant that Chrome is an exception, given that it's bundled, but I've never seen usage number of other alternative Android browsers hit any meaningful numbers.
My grandmother managed to switch entirely to Chrome on her PC without the help of anyone in our family. Anecdotal evidence works both ways. It isn't 1998. Most people know what a browser is and which one they are using on their desktop. Making the leap to a second browser on a phone (where they can easily get it from Google Play) isn't that ridiculous.
Who's talking about PC? We're talking about phones here, and it is different. Also, it's not anecdotal; we have data. The only reason that IE still has such a large share of the browser market is because people are unaware of and/or don't care about other (better) options.
Not sure what fantasy land you're living in. But most people are not downloading alternate browsers en masse for their phone. Especially not when there isn't a compelling reason to do so.
Chrome on Desktop has adapted several malware techniques to get installed without the user noticing. Bundled by default in many installers, including Flash, installs with user permissions only.
Isn't that what you are for, if you're computer-literate?
The first thing I install on my gf's computer or phone is Firefox and configure it to sensible settings (turn off third-party cookies, install ABP and Ghostery and stuff like that).
I've played tech support to many people in my circle of friends and family who have no idea that alternate browsers even exist. The vast majority of users use what comes on the phone by default.
Most "normal" people assume whatever browser comes with Android is "Google's Browser" (right or wrong), so this could be a very big deal to A LOT of people. How many Android handset manufactures have shipped units with the AOSP browser as the default?
So on 90% of phones when someone opens "the web" using the browser installed on their device, they are using an unsupported browser. How would they know this?
not the exact same mistake, as you can install chrome...and now those can at least be disabled. Un-installable system apps...another place where the microsoft and apple default is a mistake.
I fail to understand your point. you can also install browsers on windows that ship with IE6.
your other arguments, maybe on your fancy phone. 99% of the phones still stuck on 2.3.3 or older, you
- can't disable system apps
- can't uninstall system apps
- usually have 60mb or less for apps.
- can use the SD card for apps.
that leaves ANY browser out of the option. chrome and firefox, both install on around 20 to 40mb... and then consumes an additional (non-configurable) 100+mb of cache on the app data partition. leaving any older phone crippled (you can't fetch background data when the low storage space warning is showing).
Even if we accept your dismissal of this issue, and I sure don't, this is indicative of Android's issues as a platform. Massive vulnerability affecting huge proportion of installed base is ignored by vendor.
"So the bug is only for a browser that isn't supported by Google?"
Wait, what ? I'm not an android user, but I am a chrome user on all of my desktops ... can someone enlighten me ? How is chrome not a browser supported by google ?
"deprecated" while there are still millions of consumers whose products only run 2.3.3 with enough memory for aosp browser (which they cant even uninstall)
google logic. ...or better yet, san francisco dev logic
