Recycled code causing bugs with popular Android apps

Recycled code causing bugs with popular Android apps
Android has long had the reputation of being a buggy system, despite research showing that Android is actually more stable than iOS. However, that's not to say there aren't bugs in Android; and, new research from the firm that first uncovered Heartbleed is saying that a good amount of bugs are being caused by developers using recycled code.

IT research firm Codenomicon found that bugs in about 25 of the top 50 Android apps are originating from third party libraries that are used by many developers. The practice is quite common, because it allows developers to easily add more advanced functionality to apps, like security features coming from third party cryptographic libraries. It is impossible for any developer to be masters of all types of code, so shared libraries make everything easier. However, if those shared libraries contain errors, those will cause bugs that can propagate quickly as others simply copy-and-paste that code into apps. Chester Wisniewski, a Senior Security Advisor at Sophos, explained the issue by noting an example where WhatsApp tried to build its own cryptocode without the proper understanding of how to do so, and ended up with quite a lot of security flaws in its app. 

Codenomicon is planning to present its findings in more detail at the upcoming Black Hat security conference, scheduled for August 6th and 7th. The hope is to get consensus on ways to better test third party libraries, and make developers aware that those libraries need to be kept up to date and patched both in code hosting services like GitHub, and in apps as well. 

source: ReadWrite

FEATURED VIDEO

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless