Google's decision to cut WebView support on Android versions 4.3 Jelly Bean and below, leaving 60 percent of users open to attack, is a sad but inevitable move, according to security experts.
News that Google had cut WebView support for early Android versions, which according to developer stats still run on over 930 million devices, broke on 12 January.
Google's head of Android security, Adrian Ludwig, later moved to justify the cut in a Google+ post, arguing that patching the early versions is too much effort.
The decision caused ripples in the security community, with many researchers feeling that it was a step backward in Google's efforts to secure Android.
However, experts have since come forward arguing the open nature of Android means such a move was inevitable.
ESET security specialist Mark James told V3 the cut-off is a consequence of Android's fragmented nature.
"One of the concerns with Android operating systems is that so many phone manufacturers will modify the original operating system to work with their devices. This is why there are so many phones with so many different variations of Android," he said.
"That's why so many fixes for the variations of devices don't work. Unless you are using a mainstream device [from a firm with] direct control over the user system then you will always have the problem of old devices still containing security loopholes that can't be fixed."
Tenable Network Security technical director Gavin Millard agreed with James: "On the surface, leaving 60 percent of your users out in the cold and vulnerable to attack appears to be a reckless approach.
"Unfortunately, Google are faced with a complex and fragmented code base, further impacted by an arduous process of pushing patches out via smartphone vendors and carriers whose main aim is to sell newer hardware and contracts, rather than update existing devices."
However, senior security consultant at MWR InfoSecurity Rob Miller said the move, while understandable, is dangerous as it puts the onus of securing older Android devices on manufacturers.
"This means that a huge workload has been shifted from Google to the device manufacturers," he said.
"In 2013, HTC responded to complaints that it did not keep its Android devices up to date by releasing a diagram showing just how many steps were required between receiving changes in code to releasing a version for its users.
"It is foreseeable that the manufacturers may choose to stop supporting older handsets, as the workload now required of them is simply unaffordable."
He added the move will also place many developers between a rock and a hard place and could lead to malware outbreaks on old Android devices.
"Developers will need to make difficult choices as to whether they should include their own webkit libraries, risk having their users connect to their servers in an insecure manner, or whether they should restrict access to around 60 percent of their user base," he said.
"If an attacker could compromise the app's servers, a single webkit exploit would compromise every outdated device that then connected to it."
The WebView cut-off follows controversy around Google's Project Zero initiative.
In interviews with V3 earlier in January, security professionals criticised the project over its decision to expose security flaws in Apple and Microsoft systems, arguing it was irresponsible and benefited hackers more than end users.