You might not be happy that Google isn't fixing a web security flaw in your older Android phone, but the search giant now says that it has some good reasons for holding off. As the company's Adrian Ludwig explains, it's no longer viable to "safely" patch vulnerable, pre-Android 4.4 versions of WebView (a framework that lets apps show websites without a separate browser) to prevent remote attacks. The sheer amount of necessary code changes would create legions of problems, he claims, especially since developers are introducing "thousands" of tweaks to the open source software every month.

http://www.engadget.com/2015/01/24/g...-webview-flaw/