A WebView bug that could allow a hacker to take control of a device and affects 60 percent of Android phones and Android tablets will not be patched by Google. You can takes steps to fix the problem yourself, however. Here's how to protect Android from WebView bug. Also see: Best Android antivirus apps
WebView is part of the tech used to render web pages in devices running Android 4.3 and lower, and a major bug within it means it could be exploited by a hacker wanting to take control of your device. From Android 4.4 onward the WebKit rendering engine within WebView was replaced with a Chromium-based version known as Blink, so KitKat and Lollipop devices are not affected. Also see: Android Advisor and Security Advisor.
However, the huge number of older and low-end Androids still in circulation today means that 60 percent of phones and tablets - more than a billion devices - are affected. As of 5 January, the vast majority of Android users were still running Android 4.3 Jelly Bean or below (60.9 percent), with only 39.1 percent running Android 4.4 KitKat or 5.0 Lollipop.
Google is in a difficult position. Although it could develop a patch if it was so inclined (it is not, given the age of Jelly Bean), it can only recommend that its hardware partners develop and roll out a patch to their customers. And given that it is largely old and low-end devices that are stuck on Android Jelly Bean or lower, that's not going to happen.
The good news is you can fix the flaw yourself by updating your phone to Android 4.4 KitKat or Android 5.0 Lollipop.
How to update your Android phone or tablet to protect against the WebView bug
If your phone is not rooted it will be able to receive OTA (over the air) updates. It's quite possible that one is available for your device for some time and you've until now ignored it. Updating your device could not only improve any stability issues but bring new features.
It's important to note, however, that unless you own a Nexus device (and in which case, you should already be running Android Lollipop) the software updates are the responsibility of the device manufacturer and not Google. If your device is from a well-known brand such as Samsung, Sony, HTC, LG or Motorola, then you could well be in luck. If it comes from a company less well known, or is a very old or very cheap device, the manufacturer is under no obligation to provide any software updates.
To check whether an update is available for your phone or tablet, open the Settings menu (tap the cog icon in the app menu) and look for an option called About phone or About tablet. What you see next may differ from device to device, but in most cases you'll see a menu option called Software update or System updates - tap on this.
If an update is available, you will now be given the chance to download and install it. Before you do so, check that your phone or tablet is connected to Wi-Fi, that it has at least 50 percent of its battery remaining (plug it into a mains socket if it doesn't), and that anything you want to keep is backed up just in case.
If, however, you open the Software Update menu and get a message that 'The file in the SD card does not exist' (or similar), it's likely that your phone is rooted. If this is the case you will have to download and manually install Android updates.
Rooting an Android device is the process of gaining privileged or full control of the sub-system or operating system. It's the same thing as jailbreaking an iPhone. Rooting can also present an alternative option in safeguarding your device from the WebView bug if no Android KitKat or Lollipop update is available.
Rooting Android isn't a process that should be taken lightly, and especially not by less-techie users. For advice on the risks of rooting and how to root your device see How to root Android devices: Become a SuperUser.
Follow Marie Brewis on Twitter.