Feeds

Googlephone security team seeks bug hunters

Android needs You

The essential guide to IT transformation

Google's Android security team has appealed to bug hunters to help it iron out flaws in the platform.

In a posting to a full disclosure mailing list, Android security staff concede that security bugs in complex software stacks are inevitable. They are inviting help from the security community in identifying and ironing out vulnerability wrinkles before they begin to show.

It's a refreshing approach that contrasts with the lack of openness from Apple's rival iPhone development team of whom little has been heard, apart from a recent job ad for a reverse engineer.

"As you may expect, building and maintaining a secure mobile platform is a difficult task," an Android security team member writes. "While we have found and fixed many of our own bugs as well as flaws in other open-source projects, we realize that the discovery of additional security issues in a system this large and complex is inevitable."

The Android team expressed a preference for hearing about bugs first-hand rather than learning about them through such channels as full disclosure mailing lists. Responsible disclosure of this type will help Google to push out patches in a timely manner.

"We do appreciate and encourage responsible disclosure, especially since Android will be deployed on many different devices that will require a large amount of coordination to patch," the post explains.

At this stage of the game would-be bug hunters do not have the benefits of devices running Android to test with. Vulnerabilities in early emulator software have already been discovered by security tools firm Core Security back in March.

A beta (0.9) version of the Android Software Development kit was released on Monday. More details on the security features of the platform will follow, the Android team promise.

"We will be releasing more details of the security features of the Android platform over the next several months, as well as developer documentation and guidance on how to use these features in your Android applications," the post, which gives contact details and links to information on the security philosophy for Android, explains.

The Android mobile device platform is based on Linux and developed by Google and the Open Handset Alliance, a consortium of hardware, software, and telecom firms. Google has promised to make the majority of code for the Android platform available under the Apache open-source licence, once the first full version of the software is released later this year. ®

Next gen security for virtualised datacentres

More from The Register

next story
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
Rupert Murdoch says Google is worse than the NSA
Mr Burns vs. The Chocolate Factory, round three!
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.