Platform security is not something you can add as a patch, it requires a plan. Currently the plan is unknown and will stay so because it is only the released code that is open in Android. That doesn't mean that Google or Android are bad, it just means that there are fairly big limits to what externals can contribute with.
----- Original Message ----- From: Chris Palmer To: [email protected] Sent: Friday, October 30, 2009 19:49 Subject: [android-security-discuss] Re: Enterprise Security support As an occasional Android insider and a full-time security researcher and advocate, perhaps I can provide some perspective on this. The Android developers are extremely effective and they work seriously hard. They're reading work email at 5 AM, after all -- and they stay late. But as Dianne says, it's a matter of resources and priorities. There's just not infinite time. Advocating for features you want is good, but being rude does not help anyone. Open source software is not inherently more secure -- that's not what Kerckhoffs meant. Open source just means greater transparency and the potential for community participation. The keygen feature could have been developed between the time it was first proposed and now. Dianne is super busy -- write it yourself! Encrypted storage and Exchange support are much harder. Read Niels Ferguson's BitLocker paper for an idea of how hard it is to do encrypted storage well -- and then consider the additional requirements of a mobile device. It's an exciting opportunity to contribute a great feature to a great OS. Get to work! Everyone is always looking for good developers. A good patch could be your job application. "Feel free to submit a patch" is not a way of telling you to go to hell. It's the open source rallying cry, a celebration of the open source spirit. We've got a great OS with a great design and we've got the code. On Oct 30, 2009 6:27 AM, "Chevalier Dev" <[email protected]> wrote: Correct: I only brought up open-source as a strong point for security (Kerckhoff's principle). On Fri, Oct 30, 2009 at 2:02 PM, Jean-Baptiste Queru <[email protected]> wrote: > > I'm sorry I misun...
