Introducing the Android Security Team

1,330 views
Skip to first unread message
Message has been deleted

ri...@google.com

unread,
Aug 18, 2008, 6:09:14 PM8/18/08
to Android Security Announcements
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings to the Security Community,

We would like to introduce ourselves, the Android Security Team, to
the security research and vulnerability disclosure communities. As
you may know, Android is a Linux-based mobile platform containing the
frameworks and libraries necessary to support easy and open
development of mobile applications. It also contains a collection of
standard applications that can be included on a mobile device. All
of the source code of the Android Platform will be released later
this year under the GPL and Apache 2.0 Licenses, and many diverse
groups are already working on their own Android devices and
applications.

You can read more about Android and download the free SDK and
emulator at http://code.google.com/android/.

As you may expect, building and maintaining a secure mobile platform
is a difficult task. The Android platform team has put a great deal
of work into trying to design a platform that balances our goal of
open development and user choice with the unique challenges of
securing a consumer-focused mobile system. While we have found and
fixed many of our own bugs as well as flaws in other open source
projects, we realize that the discovery of additional security issues
in a system this large and complex is inevitable. That is why we
would like to introduce ourselves today and let the security research
community know how they can reach out and work with us.

If you are interested in our security philosophy and process, you may
want to read our security FAQ:
http://code.google.com/android/kb/security.html.

If you would like to report a bug in Android or one of its
components, please email secu...@android.com. We will respond to
bug reports with requests for more information if necessary, and if
not we will keep reporters informed of our progress in closing the
issue. We do appreciate and encourage responsible disclosure,
especially since Android will be deployed on many different devices
that will require a large amount of coordination to patch. Help from
security researchers in the form of usable bug reports and
responsible time lines will greatly assist us in securing the
ecosystem of Android devices as quickly as possible. Our
vulnerability bulletins will credit responsible reporters of any
flaws.

If you would like to receive security patch announcements for
Android, please join the android-security-announce Google Group:
http://groups.google.com/group/android-security-announce. All of our
security announcements will be signed by GPG using our key, available
at http://code.google.com/android/security_at_android_dot_com.txt.

For discussion of Android platform security and how to develop secure
Android applications, please join the android-security-discuss Google
Group: http://groups.google.com/group/android-security-discuss.

We will be releasing more details of the security features of the
Android platform over the next several months, as well as developer
documentation and guidance on how to use these features in your
Android applications. The entire team is looking forward to shipping
the Android platform and seeing what innovative things people will do
when empowered with a truly open mobile environment. Please feel
free to email us or start a discussion on android-security-discuss if
you have general questions or comments regarding the security of the
Android platform.


Sincerely,

The Android Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkip8kYACgkQcx5rnwBUD8PjMgCfU0X7OL74p0a9+SCIzKJ04OJl
C+gAn2rtpcpmF0QZBMLP/pTf/PXjykv8
=cYPl
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
This conversation is locked
You cannot reply and perform actions on locked conversations.
0 new messages