madison
Home / News & Blogs

Android security team appeals to bug hunters

Tom Espiner ZDNet.co.uk | August 19, 2008 10:54 AM PDT

Summary

The security team for Google's nascent open-source mobile platform, Android, has attempted to raise its profile with the security community

Topics

Google Inc., Team, Mobile, Vulnerability, Security Team, Mobile Platform, Tom Espiner ZDNet.co.uk, Google, Android, SDK, open source, security
The security team behind Google's mobile platform, Android, has tried to raise its profile among security researchers by appealing for their vigilance in monitoring the platform.

In an email to the popular Full Disclosure mailing list, the Android security team said that as flaws in the system were inevitable, Google would require help from the security research community both in finding and disclosing those vulnerabilities.

"As you may expect, building and maintaining a secure mobile platform is a difficult task," wrote an Android security-team member. "While we have found and fixed many of our own bugs as well as flaws in other open-source projects, we realize that the discovery of additional security issues in a system this large and complex is inevitable."

The team requested that security researchers disclose Android vulnerabilities to Google, rather than making them generally available.

"We do appreciate and encourage responsible disclosure, especially since Android will be deployed on many different devices that will require a large amount of co-ordination to patch," wrote the security-team member. "Help from security researchers in the form of usable bug reports and responsible timelines will greatly assist us in securing the ecosystem of Android devices as quickly as possible."

Google had not responded to a request for comment at the time of writing. Multiple vulnerabilities in the Android platform were reported in March. Although Android is not yet deployed on any devices, exploits for the vulnerabilities were tested on an Android emulator included in its software development kit (SDK). A long-awaited beta version of the SDK was made available to developers on Monday.

Talkback Most Recent of 1 Talkback(s)

  • Bravo Google
    Well done Google - It would be nice to see more organisations admit it's possible that they don't know everything and allow community groups (particularly security groups) to help. It seems virtually all new software contain security bugs these days (at least when first released) and mobile devices in particular in my opinion, will be the next major target for exploitation (if they aren't already) as functionality and connectivity increases.

    Chris Fry
    http://www.chris-fry.com
    ZDNet Gravatar
    ChrisFry
    19th Aug 2008

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity