Saturday, November 8, 2008

Android Root Shell Bug

Quite a bug was found on Google's G1 phone this week.

Here is the back story that led to its discovery:

I was in the middle of a text conversation with my girl when she asked why I hadn’t responded. I had just rebooted my phone and the first thing I typed was a response to her text which simply stated “Reboot” - which, to my surprise, rebooted my phone.
It turns out that all text input was (is?) being read as input and executed as commands in a background shell running as root!

wow.

It was likely just configured this was for debugging purposes and someone forgot to undo it in the release build.

If Google can screw up like this so can you and I. A nice reminder to be paranoid with our releases.

No comments: