First Android Security Flaw to Be Publicly Reported...

The New York times is reporting a security flaw in the G1, and to me it’s confirmation that Google left opening up the source to public far too late by doing it the day before users could go out and buy hardware with it installed.

If the source code had been available a few months (or even weeks) ago there would have been time for the collective eyeballs of the development community to take a look for problems like the reported one (which was found after a few days) and fix them before the device reached the hands of consumers.

So where are we now?, well, there are several thousand devices in the hands of non-technical users all of which have have a security flaw which could allow a third party to steal user-names and passwords for websites that those consumers visit… definitely not good for Android.

I can’t see this being the last problem found, and given that the first update was announced almost as users were getting their phones and it didn’t fix this problem, I can see a few more updates to come in the next weeks and months

The fact that the reported came to light so quickly shows the strengths of the open source process, but it also shows why the “Release Early, Release Often” strategy is the best way to go every time, and why companies such as Google shouldn’t keep the source code closed until the very last minute.