Feeds

Googlephone security team seeks bug hunters

Android needs You

Top 5 reasons to deploy VMware with Tegile

Google's Android security team has appealed to bug hunters to help it iron out flaws in the platform.

In a posting to a full disclosure mailing list, Android security staff concede that security bugs in complex software stacks are inevitable. They are inviting help from the security community in identifying and ironing out vulnerability wrinkles before they begin to show.

It's a refreshing approach that contrasts with the lack of openness from Apple's rival iPhone development team of whom little has been heard, apart from a recent job ad for a reverse engineer.

"As you may expect, building and maintaining a secure mobile platform is a difficult task," an Android security team member writes. "While we have found and fixed many of our own bugs as well as flaws in other open-source projects, we realize that the discovery of additional security issues in a system this large and complex is inevitable."

The Android team expressed a preference for hearing about bugs first-hand rather than learning about them through such channels as full disclosure mailing lists. Responsible disclosure of this type will help Google to push out patches in a timely manner.

"We do appreciate and encourage responsible disclosure, especially since Android will be deployed on many different devices that will require a large amount of coordination to patch," the post explains.

At this stage of the game would-be bug hunters do not have the benefits of devices running Android to test with. Vulnerabilities in early emulator software have already been discovered by security tools firm Core Security back in March.

A beta (0.9) version of the Android Software Development kit was released on Monday. More details on the security features of the platform will follow, the Android team promise.

"We will be releasing more details of the security features of the Android platform over the next several months, as well as developer documentation and guidance on how to use these features in your Android applications," the post, which gives contact details and links to information on the security philosophy for Android, explains.

The Android mobile device platform is based on Linux and developed by Google and the Open Handset Alliance, a consortium of hardware, software, and telecom firms. Google has promised to make the majority of code for the Android platform available under the Apache open-source licence, once the first full version of the software is released later this year. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Getting ahead of the compliance curve
Learn about new services that make it easy to discover and manage certificates across the enterprise and how to get ahead of the compliance curve.