I didn't test back this far; I should have, it's about 10% of android users. I tested back to 4.0 (not that 4.0-4.1.2 being vulnerable matters much, since you can get remote code execution easily through the addJavascriptInterface vulnerability). I tried out 2.1 in the emulator just now and got the same results as you, so it looks like 2.x is not affected by this.