Android security team appeals to bug hunters

Summary:The security team for Google's nascent open-source mobile platform, Android, has attempted to raise its profile with the security community

The security team behind Google's mobile platform, Android, has tried to raise its profile among security researchers by appealing for their vigilance in monitoring the platform.

In an email to the popular Full Disclosure mailing list, the Android security team said that as flaws in the system were inevitable, Google would require help from the security research community both in finding and disclosing those vulnerabilities.

"As you may expect, building and maintaining a secure mobile platform is a difficult task," wrote an Android security-team member. "While we have found and fixed many of our own bugs as well as flaws in other open-source projects, we realise that the discovery of additional security issues in a system this large and complex is inevitable."

The team requested that security researchers disclose Android vulnerabilities to Google, rather than making them generally available.

"We do appreciate and encourage responsible disclosure, especially since Android will be deployed on many different devices that will require a large amount of co-ordination to patch," wrote the security-team member. "Help from security researchers in the form of usable bug reports and responsible timelines will greatly assist us in securing the ecosystem of Android devices as quickly as possible."

Google had not responded to a request for comment at the time of writing.

Multiple vulnerabilities in the Android platform were reported in March. Although Android is not yet deployed on any devices, exploits for the vulnerabilities were tested on an Android emulator included in its software development kit (SDK). A long-awaited beta version of the SDK was made available to developers on Monday.

Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.