Android security team appeals to bug hunters

Android security team appeals to bug hunters

Summary: The security team for Google's nascent open-source mobile platform, Android, has attempted to raise its profile with the security community

The security team behind Google's mobile platform, Android, has tried to raise its profile among security researchers by appealing for their vigilance in monitoring the platform.

In an email to the popular Full Disclosure mailing list, the Android security team said that as flaws in the system were inevitable, Google would require help from the security research community both in finding and disclosing those vulnerabilities.

"As you may expect, building and maintaining a secure mobile platform is a difficult task," wrote an Android security-team member. "While we have found and fixed many of our own bugs as well as flaws in other open-source projects, we realize that the discovery of additional security issues in a system this large and complex is inevitable."

The team requested that security researchers disclose Android vulnerabilities to Google, rather than making them generally available.

"We do appreciate and encourage responsible disclosure, especially since Android will be deployed on many different devices that will require a large amount of co-ordination to patch," wrote the security-team member. "Help from security researchers in the form of usable bug reports and responsible timelines will greatly assist us in securing the ecosystem of Android devices as quickly as possible."

Google had not responded to a request for comment at the time of writing. Multiple vulnerabilities in the Android platform were reported in March. Although Android is not yet deployed on any devices, exploits for the vulnerabilities were tested on an Android emulator included in its software development kit (SDK). A long-awaited beta version of the SDK was made available to developers on Monday.

Topics: Mobility, Android, CXO, Google, Open Source, Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


1 comment
Log in or register to join the discussion
  • Bravo Google

    Well done Google - It would be nice to see more organisations admit it's possible that they don't know everything and allow community groups (particularly security groups) to help. It seems virtually all new software contain security bugs these days (at least when first released) and mobile devices in particular in my opinion, will be the next major target for exploitation (if they aren't already) as functionality and connectivity increases.

    Chris Fry