Boondoggling Google


The hits keep coming for Google!

Earlier this month, Google announced steps it was taking to remote wipe more than 50 malicious applications that infected Android devices through the DroidDream malware, which had gained root access to devices running Android OSs from 2.2.1 (Froyo) and older. Just days later, Symantec uncovered a fake Google Android update bearing a name identical to the security update intended to remove DroidDream malware from devices.

Talk about insult to injury. However, you could say, in some fashion, Google had it coming.

DroidDream had exploited a pair of vulnerabilities called “exploid” and “rageagainstthecage,” which were issues remaining from Froyo, an earlier Google mobile OS... and these were not the first vulnerabilities discovered in Android OSs that were linked back to Froyo. Meanwhile, the faux patch, according to Mario Ballano of Symantec, appears to have been hosted on Google Code and licensed under the Apache License. Google claims to have patched these vulnerabilities in Android versions above 2.2.2, but many users have yet to download the new version.

By not acknowledging these vulnerabilities, or perhaps not knowing they existed, Google left itself open to hackers looking to latch onto and infect the fastest growing mobile platform in the U.S. and showed once again how vital attention to Internal Quality is to software.

NOT Ready for Prime Time

As we’ve said before about Google’s mobile OSs, Google should have taken the time to perform automated analysis and measurement of their software before they declared it “ready for prime time.” Had they done so, they would have had the opportunity to identify the old vulnerabilities and plug the holes. Moving forward, Google really needs to go beyond testing, which cannot sufficiently assess the structural quality of the entire system, and identify those areas that could lead to problems post-deployment.

CAST measures structural quality using hundreds of metrics that capture the design and implementation issues within complex systems. This is particularly important as more and more application software is built upon layers of code that may already be bringing flaws to the party. By quantifying structural quality in terms of Technical Debt – the cost of fixing the structural quality problems that cause severe business disruptions – CAST not only identifies the IT issue, but makes the business case for its resolution.

Whatever Google does, it should do something to stop its recent history of being boondoggled by hackers exploiting gaps left over from old versions.

Jonathan Bloom Technology Writer & Consultant
Jonathan Bloom has been a technology writer and consultant for over 20 years. During his career, Jon has written thousands of journal and magazine articles, blogs and other materials addressing various topics within the IT sector, including software development, enterprise software, mobile, database, security, BI, SaaS/cloud, Health Care IT and Sustainable Technology.