Google strengthens the review of external contributors to AOSP to prevent malicious submission of bug code

September 19 news, Android Open Source Project (AOSP) refers to the people, processes and source code that create Android. People are responsible for overseeing the project and developing source code; processes refer to the tools and programs used to manage software development, and the final result is source code that can be used for mobile phones and other devices.

Currently, AOSP uses the Apache 2.0 open source license, which means that anyone can modify its code. However, one disadvantage of this strategy is that it provides an easy way for malicious people to damage it. In response to security issues, Google is strengthening the review of external contributors.

Android expert Mishaal Rahman explained that all external changes to AOSP now require review and approval by two Google reviewers. The goal is to prevent hidden security vulnerabilities and bugs in the code from entering AOSP - not to restrict who can submit code to AOSP.

In fact, Rahman made it clear that non-Googlers are not blacklisted from contributing. Instead, external code is only reviewed to give those directly affected a chance to determine whether it should be integrated into AOSP. This is a more thorough review process that helps screen the final code, identify the most beneficial parts, and reduce security issues.

Foreign media believe that this strategy may significantly reduce some of the vulnerability-related problems Google has faced in the past.

Just last year, David Schütz discovered a vulnerability in AOSP, a flaw that could allow hackers to bypass the Android lock screen. He later received a $70,000 reward from Google for reporting the vulnerability.

It is worth noting that Google has launched a project called Vulnerability Rewards Program in 2010. Since its launch, the project has contributed more than 11,000 vulnerabilities, and Google will reward them with cash. At present, Google has paid millions of dollars to these white hats.