Tuesday, August 19, 2008

Android security team appeals to bug hunters

The security team behind Google's mobile platform, Android, has tried to raise its profile among security researchers by appealing for their vigilance in monitoring the platform.

In an email to the popular Full Disclosure mailing list, the Android security team said that as flaws in the system were inevitable, Google would require help from the security research community both in finding and disclosing those vulnerabilities.

"As you may expect, building and maintaining a secure mobile platform is a difficult task," wrote an Android security-team member. "While we have found and fixed many of our own bugs as well as flaws in other open-source projects, we realize that the discovery of additional security issues in a system this large and complex is inevitable."

The team requested that security researchers disclose Android vulnerabilities to Google, rather than making them generally available.

"We do appreciate and encourage responsible disclosure, especially since Android will be deployed on many different devices that will require a large amount of co-ordination to patch," wrote the security-team member. "Help from security researchers in the form of usable bug reports and responsible timelines will greatly assist us in securing the ecosystem of Android devices as quickly as possible."

Google had not responded to a request for comment at the time of writing. Multiple vulnerabilities in the Android platform were reported in March. Although Android is not yet deployed on any devices, exploits for the vulnerabilities were tested on an Android emulator included in its software development kit (SDK). A long-awaited beta version of the SDK was made available to developers on Monday.



  • Security researcher demands money from Sun, Nokia
  • First Symbian Foundation handsets due in 2010
  • Nokia buys Symbian to form open-source Android killer
  • No comments: