We’ve all been there: you’ve signed up for a free trial and are ready to get started.
But what happens when your computer, tablet or smartphone suddenly starts to fail?
What’s the best way to fix it?
And what’s the risk of being left with a nasty security advisory or bug report?
These are questions that have been raised by many people as the rollout of Android 4.4 KitKat approaches.
The Android Security Advisory Committee (ASAC) has recently issued its latest update on Android 4, and it’s set to make some big changes.
The new process is much more complex than the one used in the previous Android releases, and while some people may feel relieved that the process has been streamlined, others are not.
In a nutshell, ASAC has decided to create a new, more stringent process for security audits and bug reports.
“We’re moving away from the current process where we’ve seen reports go through one round of review by a single person who is in the position of deciding what goes on in a particular app,” ASAC CEO David Ebers told us.
The changes, as outlined in the update, will require a two-step process.
First, the reviewer will have to complete a security audit on the app, before it is allowed to go live.
The second step will be to provide a bug report, detailing what went wrong with the app.
“This second step is really important,” Ebers said.
“The way the security audit process works is you provide the app with an advisory, and then we review that advisory.
If the advisory is not helpful or does not solve the issue, we remove the app from the store.”
In this new process, we’re not doing that.
Rather, the advisory itself will be an independent assessment and we will not accept it.
Ebers stressed that the new process will only be effective if it is accompanied by a full security audit, which is now part of the Android 4 SDK.
It’s not going to be part of a full audit.
“We have not been able to get the full audit to go through as an app is not an official part of our system,” Ebers said.
“It’s not going to be part of a full audit.
There’s a lot of work that needs to be done on that, and we’re very committed to that.”
So what happens now?
As of March 6, the ASAC will be reviewing and approving more than 4,000 apps on the Android Market, and the new security audit system will only apply to the new apps.
The ASAC is also taking steps to improve the quality of reviews, including requiring reviewers to use more secure software for their work.
The change will also apply to any app that uses a public API or API-like mechanism, and will also allow developers to choose the best security testing method.
This includes apps like Dropbox, which recently announced it would be releasing an API-based security audit and patch tool that can be used by independent researchers to look at a specific bug and patch it quickly.