Just days after Microsoft criticized Google for publishing a flaw found in Windows 8.1, the search giant is now getting a taste of its own medicine. A group of researchers have spotted an ugly vulnerability within older versions of Android that is putting a massive number of users at risk.

While it appears the issue has no hold on Android 4.4 and up, nearly 60% of Android users (which pushes awfully close to one billion people) are considered to be vulnerable. Researchers Rafay Baloch and a team at Rapid7 led by engineer Joe Vennix, say that the WebView component within Android 4.3, which allows apps to see webpages without launching another app, has a bug that can allow malicious hackers to tap into devices.

The bad news is that Google won’t be patching this one. According to analysts and direct statements from Google, the company does not develop patches for versions of Android before 4.4. It is also very difficult for the company to do so due to the way WebView is built-into the OS, so instead it will place responsibility on OEM’s and carriers. “Other than notifying OEMs, we will not be able to take action on any report that is affecting versions before 4.4 that are not accompanied with a patch, “ Google said.

Users with newer Android devices don’t need to worry, as Google has dropped WebView from the core OS in favor of integration with the Google Play app. From there it can easily and readily issue updates and patches. While unfortunate news for those with older devices, Google was inevitably going to stop supporting older versions of its popular mobile OS, and this will likely not be the last bug found in left behind versions still being widely used.