There’s been a bunch of buzz lately about a vulnerability in versions of Android prior to 4.4 (KitKat). Google has advised that it doesn’t plan to issue any fixes for these older versions. Unsurprisingly, this has invited a lot of clickbait-hungry tech “journalists” to start screaming that Google is to blame for leaving 60% of Android devices with a critical unpatched flaw. That kind of blame-shifting, however, is stupid, wrong, and grossly irresponsible.
First off, there’s a fix available for the issue. Any phone upgraded to 4.4 (KitKat) or 5.0 (Lollipop) is safe. Given that there are now two successive releases with the flaw patched, what sense would it make to retroactively go back and patch a much older version? Google has already pointed out that because Android is open source, anyone could submit a patch to the code to address it.
But they also point out something far more important. If a patch were accepted, the best Google can do is notify the phone manufacturers that it exists. Google can’t forcibly update the phone with the patch. They can’t make a manufacturer who decided to write off a specific model go back and release the update. Ultimately, Google has little power over this. Even if a patch for older versions of Android was released, why would you want that instead of an update to a newer version like KitKat or Lollipop?
While the Blame Google Express is barrelling down the tracks, it continues to let HTC, Samsung, LG, Sony, Motorola, and many other manufacturers off the hook for releasing devices that they know won’t be updated for more than a year or two, tops. Google isn’t putting you at risk; manufacturers who figure that they’ve already got theirs are. If a journalist’s job is to inform and explain, they’re apparently taking the day off on this one.