Android Lollipop AH-12

Android Lollipop’s WebView Un-bundled From To Improve Device Security

October 19, 2014 - Written By David Steele

In the last couple of years, we’ve seen something of a sea change with Android devices. Google and some of the device manufacturers, most notably HTC and Motorola, have started un-bundling certain applications from the operating system and allowing them to be updated from the Play Store. We’ve also seen the Google Play Services application launched, which might be considered something of a “feature enabling” part of Android. Google Play Services is automatically pushed to devices running Android 2.2 FroYo and later and enables or updates a number of different services on the device such as location sensing, push notifications, account synchronization, Google Maps, Android Device Manager plus other features.

The original equipment manufacturer features, such as Motorola’s Moto Display or HTC’s Lock Screen, can be updated without necessitating a device firmware update. This means that updates are received significantly quicker than relying on your carrier to approve any software update and this in turn means that your device gets current and updated features much, much quicker. This leads me on to tonight’s story, which is that with Android 5.0 Lollipop, Google are un-bundling one of the core components of the operating system: WebView. WebView is the code or application that allows applications to view web pages or HTML code without launching a separate web browser. This is an important development since it means that any important security updates to the browser may be implemented much quicker than a firmware update.

This isn’t the first time that the WebView application has been given something of an overhaul, because with the launch of Android 4.4 Kit Kat, the old WebKit-based WebView was replaced with Google’s own Chromium browser project. The last update of Chromium built into the operating system was with the release of Android 4.4.3; this code is now six months and six versions behind the current version of Chromium. A few days after Google released Kit Kat, the Chrome Developer team acknowledged the problem and their intent to improve matters with a series of regular updates. It took them a year, but things will be getting better from Lollipop onwards. It’s a small and nearly transparent change under the skin of Android and arguably, it’s overdue but the change will improve Android 5.0’s already improved security features and may even enable additional functionality for application developers.