Full Disclosure mailing list archives
Introducing the Android Security Team
From: richc () google com
Date: Mon, 18 Aug 2008 14:54:38 -0700 (PDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Greetings to the Security Community, We would like to introduce ourselves, the Android Security Team, to the security research and vulnerability disclosure communities. As you may know, Android is a Linux-based mobile platform containing the frameworks and libraries necessary to support easy and open development of mobile applications. It also contains a collection of standard applications that can be included on a mobile device. All of the source code of the Android Platform will be released later this year under the GPL and Apache 2.0 Licenses, and many diverse groups are already working on their own Android devices and applications. You can read more about Android and download the free SDK and emulator at http://code.google.com/android/. As you may expect, building and maintaining a secure mobile platform is a difficult task. The Android platform team has put a great deal of work into trying to design a platform that balances our goal of open development and user choice with the unique challenges of securing a consumer-focused mobile system. While we have found and fixed many of our own bugs as well as flaws in other open source projects, we realize that the discovery of additional security issues in a system this large and complex is inevitable. That is why we would like to introduce ourselves today and let the security research community know how they can reach out and work with us. If you are interested in our security philosophy and process, you may want to read our security FAQ: http://code.google.com/android/kb/security.html. If you would like to report a bug in Android or one of its components, please email security () android com. We will respond to bug reports with requests for more information if necessary, and if not we will keep reporters informed of our progress in closing the issue. We do appreciate and encourage responsible disclosure, especially since Android will be deployed on many different devices that will require a large amount of coordination to patch. Help from security researchers in the form of usable bug reports and responsible time lines will greatly assist us in securing the ecosystem of Android devices as quickly as possible. Our vulnerability bulletins will credit responsible reporters of any flaws. If you would like to receive security patch announcements for Android, please join the android-security-announce Google Group: http://groups.google.com/group/android-security-announce. All of our security announcements will be signed by GPG using our key, available at http://code.google.com/android/security_at_android_dot_com.txt. For discussion of Android platform security and how to develop secure Android applications, please join the android-security-discuss Google Group: http://groups.google.com/group/android-security-discuss. We will be releasing more details of the security features of the Android platform over the next several months, as well as developer documentation and guidance on how to use these features in your Android applications. The entire team is looking forward to shipping the Android platform and seeing what innovative things people will do when empowered with a truly open mobile environment. Please feel free to email us or start a discussion on android-security-discuss if you have general questions or comments regarding the security of the Android platform. Sincerely, The Android Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkip4ZIACgkQcx5rnwBUD8NLTQCeNd4G2wLD8WSgxrNWxZ251cET luMAoIwaZqEXVxDTbcNTIQUZLJeP5ZUo =ATw2 -----END PGP SIGNATURE----- --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Security Announcements" group. To post to this group, send email to android-security-announce () googlegroups com To unsubscribe from this group, send email to android-security-announce+unsubscribe () googlegroups com For more options, visit this group at http://groups.google.com/group/android-security-announce?hl=en -~----------~----~----~----~------~----~------~--~--- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Introducing the Android Security Team richc (Aug 19)