Recycled code causing bugs with popular Android apps

Android has long had the reputation of being a buggy system, despite research showing that Android is actually more stable than iOS. That's not to say there aren't bugs in Android, however, and new research from the firm that first uncovered Heartbleed says that a good number of bugs are caused by developers using recycled code.

IT research firm Codenomicon found that bugs in about 25 of the top 50 Android apps originate from third-party libraries that are used by many developers. The practice is quite common because it allows developers to easily add more advanced functionality to apps, like security features coming from third-party cryptographic libraries. It is impossible for any developer to be a master of all types of code, so shared libraries make everything easier. However, if those shared libraries contain errors, those errors will cause bugs that can propagate quickly as others simply copy and paste that code into apps. Chester Wisniewski, a Senior Security Advisor at Sophos, explained the issue by noting an example where WhatsApp tried to build its own crypto code without the proper understanding of how to do so, and ended up with quite a lot of security flaws in its app.

Codenomicon is planning to present its findings in more detail at the upcoming Black Hat security conference, scheduled for August 6th and 7th. The hope is to get consensus on ways to better test third-party libraries, and to make developers aware that those libraries need to be kept up to date and patched, both in code hosting services like GitHub and in apps.

source: ReadWrite


24 Comments

1. Anshulonweb

Posts: 468; Member since: Feb 07, 2014

can the same be said for iPhone Apps?..... just wondering...

2. Ninetysix

Posts: 2933; Member since: Oct 08, 2012

Probably but this report is regarding Android.

12. 14545

Posts: 1835; Member since: Nov 22, 2011

Sure it is regarding Android, but he raises a very valid point, as the article also points out: "The practice is quite common, because it allows developers to easily add more advanced functionality to apps, like security features coming from third party cryptographic libraries."

13. Ninetysix

Posts: 2933; Member since: Oct 08, 2012

Yes because that's the only way an app can be buggy. There are no other ways to introduce bugs to an application....yep.

14. 14545

Posts: 1835; Member since: Nov 22, 2011

Dude, I get you are a fanboy, even though you try and claim otherwise. But don't put words in my mouth. I never, EVER, once said that this is the only way an app can be buggy. Geez. Read, digest, then respond. He specifically asked if the same can be said about iOS. I pointed out, based on the article, that it is indeed probably true.

15. Ninetysix

Posts: 2933; Member since: Oct 08, 2012

I also said "probably" in post #2 broski. What's the issue? Even if it's also the same case for iOS, does that automatically make it right for Android? Geez... Fandroid mentality: It's okay for me to beat up my kids because my neighbor does the same.

16. 14545

Posts: 1835; Member since: Nov 22, 2011

Again, reading comprehension fail. Read my posts and then respond. Otherwise don't respond at all. Thanks. Stick to what is written, not what you want to be written.

17. Ninetysix

Posts: 2933; Member since: Oct 08, 2012

You're welcome.

3. marbovo

Posts: 658; Member since: May 16, 2013

This can be made by any object-oriented programming language, which probably is the case on iOS apps. This is called heritage, and is one of the main principles of OOP.

4. Mxyzptlk unregistered

It can, but that doesn't mean it's true.

8. reckless562

Posts: 1153; Member since: Sep 09, 2013

go home

21. Arte-8800

Posts: 4562; Member since: Mar 13, 2014

Lmfao Yeah go home Mxzy Guys look it's Mxzy

10. marbovo

Posts: 658; Member since: May 16, 2013

it can and it is true

5. tasior

Posts: 265; Member since: Nov 04, 2012

The same can be said for the whole programming world.

18. Finalflash

Posts: 4062; Member since: Jul 23, 2013

It can, but usually there are fewer 3rd party APIs for iOS. The reason for this is because Android is open source, you know exactly how most of it works. In Java you have ways to access non-public sections of classes and code by using reflection (a technique that is complicated to use and explain), but you can't do the same in iOS because you have no idea how it works other than the public APIs Apple has released. Since reflection is not officially supported by Google, they sometimes change things in the non-public section of their code which ends up breaking older 3rd party APIs that use that code and therefore, you have errors. This is just one of many examples, but it is less prevalent in Apple's ecosystem because the system is far more limited. Also, it is easier to notice errors and crashes in Android because the system just tells you every time it happens. iOS doesn't prompt the user and just shuts down the app, making it look like random to the average (or below) user.

20. 14545

Posts: 1835; Member since: Nov 22, 2011

Thank you for the explanation.

23. javy108

Posts: 1004; Member since: Jul 27, 2014

I thought this thread was about Android S:

6. Antimio

Posts: 313; Member since: Nov 11, 2013

It looks like some people forgot how to read. Title says ANDROID, not IPHONE. It's pretty obvious it does not affect Apple, they have "the world's most advanced and easy-to-use mobile operating system." Their words..

7. tedkord

Posts: 17094; Member since: Jun 17, 2009

Oh, well, if they say so...

19. Finalflash

Posts: 4062; Member since: Jul 23, 2013

It ain't a lie technically, anything seems "advanced" to their user base. Panorama/slow motion literally blew their minds.

9. reckless562

Posts: 1153; Member since: Sep 09, 2013

:) nail on the head!

11. Ninetysix

Posts: 2933; Member since: Oct 08, 2012

You're wrong. There are no bugs on Android. 99% marketshare and climbing!

22. VZWuser76

Posts: 4974; Member since: Mar 04, 2010

Hahahahahahahahahahahahaha you're so witty! Are you a comedian? He didn't say android wasn't affected by this because it is per the article. And he is correct if finalflash's comment above is true. Android and iOS handle their APIs differently. Why not try actually contributing something to the discussion instead of trying to be sarcastically witty but end up starting a flame war.

24. javy108

Posts: 1004; Member since: Jul 27, 2014

I think it always happens on any OS in the world.
