Android webview is very outdate, update asap

Privacy & Security
1

I bought the mudita kompakt in the end, and I love it. A bit overpriced considering the hardware, still I think it is a piece of art and is a joy to use it, thanks also to the cure in the software.

But, as I say in the title, as an appendix of the concerns about “aosp 12 being outated”:

the webview component boundled with kompact is at version 128, a chromium version very old (august 2024).

This is a great security concern, because when the user install a third party app, and specifically a third party browser (like einkbro, duckduckgo, and a lot of other popular choices) he will navigate the web with a very outdated engine. This is a serious concern, probably the biggest security hole in the device. And could be fixed pretty easily, boundling an updated version (better would be an hardened updated version, see vanadium) in the next release.

This situation is very, very bad and should be fixed asap.

In the meantime, I suggest to people here to use updated gecko-based browsers (like ironfox, an hardened fork of firefox) or a chromium-based browser that ships the entire engine with the apk (cromite and brave for example).

AVOID: duckduckgo, einkbro, foss browser and a lot of others, VERIFY THAT THE BROWSER YOU ARE USING DOESN’T USE WEBVIEW.

6 Likes
I caved in and installed a browser on my Kompakt
2

How do the browsers you mention perform on the Kompakt, are they not intended for a fully fledged smartphone? I understood that the choice of browsers was rather limited for mudita users

2 Likes
3

you can sideload basically any app. Chromium based browsers tend to work better in my experience.

Browsing is slow compared to a modern smartphoe and UI is not optimized for eink., but it works.

1 Like
4

Yeah this is a huge issue and I’m very surprised nobody from the team has responded to this yet. Yet another reason why I have a hard time believing their “strategy” of piecemealing together security updates is fundamentally flawed. Here’s a prime example of a massive security hole slipping through the cracks!

1 Like
5

I did talk to the team & they said that this will be updated. However, I don’t have info as to exactly when.

2 Likes
6

My best guess is 2040 ? :stuck_out_tongue:

2 Likes
A week with the Kompakt • Observations and concerns
7

That’s great, but the point here is that this is just one security hole that we know of that comes as a direct result of the idea that a small team can effectively piecemeal together security updates rather than basing the OS off of an AOSP version that receives them regularly. And this is a massive one to miss! How many other smaller vulnerabilities exist in the phone that are buried deep in Mudita OS K code that we would have no way of knowing about?

1 Like
8

Maybe a little sooner…but I can’t promise anything

1 Like