Skip to main content

It's been 9 years and Android still has a bad reputation when it comes to security

Android dudes
Android dudes (Image credit: Jerry Hildenbrand / Android Central)

"That Broadcom bug makes me not want to use anything other than an iPhone or Pixel."

That's what I heard from an admittedly security conscious friend while talking about him getting a new phone. The bug being referenced here, in case you're unaware, affected over 1 billion phones that use a Broadcom Wi-Fi chip and would have been an easy way for them all to be hacked in any number of ways.

Most likely the phone you're reading this on has a nasty, exploitable bug.

You don't have to worry about it if you have an iPhone or a Pixel (or any Nexus that's still supported) or an Android-powered BlackBerry because it was patched before it was disclosed to the public. But the Pixel, late-model Nexuses and Android BlackBerrys sold in minuscule numbers compared to all the other Android phones (I'm being very generous here). That means millions and millions and millions of other Android-powered phones are still vulnerable. Including the Galaxy S8, even though every Android partner has had access to the patch as long as Google and BlackBerry and Apple have.

In "real life" this is both a problem and not a problem. One thing goes hand in hand with every announcement of malware or other tricks and tools that can be used to remotely hack a phone: it almost never happens. But it still could. Simple logic says one day it will. And unfortunately, outside of some sort of government oversight on phone software (which nobody wants), there is no way to fix it.

The T-Mobile G1 — we've come a long way.

The T-Mobile G1 — we've come a long way.

Not long after the release of the HTC Dream/T-Mobile G1, a security flaw was found where anyone could take control via outside software. Early iPhones all used the same admin credentials for remote logins. This sort of thing comes with the territory — all software has bugs or holes that can be exploited. These early bugs were promptly fixed and updates were sent to the phones. That's not how it works anymore, at least for Android.

All software ever written has bugs. Good software has had them patched.

Because Android is given under an open-source license, Google has no control of how it's used outside of the requirements for access to Google Play and the associated apps. It's tough to wrap your mind around that unless you're familiar with open source software, I know. But Google simply can't force a company who makes Android phones into doing anything more than meeting a few minimum requirements designed to make them compatible with the APIs Play Store developers use to write apps. Even those are in question by courts in Europe.

This puts another company in control of the majority of the software we call Android, and with control comes a lot of responsibility. I truly believe Samsung (for example and because it is such a large part of Android) cares enough to want all of its customers to be immune to things like the Broadcomm bug. But that takes work and commitment that it is unable to give. It's not that Samsung doesn't care, it is just unable to fix it as fast because of how its business works. The same goes for every company that makes Android phones, possibly even more so because none have the resources that Samsung has.

It says Android right on the box, so this is Google's problem.

Software is hard. Doing it right — patching every known bug as soon as it's disclosed — is even harder. Adding yet another middleman means it's damn near impossible.

Ultimately, all this falls on Google's shoulders. The Android name is on the box, on the phone, and on your mind when you buy a new phone. This might not be fair to the people at Google who work hard to patch bugs and issue updates or security bulletins, but that doesn't matter. Android is Google's baby. When brand new phones from any company are running Android and have severe vulnerabilities, all eyes look towards Mountain View.

Google has done things to address the problem, and it is doing even more with Project Treble. I'm sure one of the long-term goals is to fix the issue somehow, whether that means a complete rewrite of the Android underpinnings or altering the usage license or pulling a rabbit out of a hat. It knows as well as we do that it owns this problem, and rather than cry foul it is trying to address it.

I hope it can do so before it's too late, because "not wanting to use anything other than an iPhone or Pixel" is a sentiment nobody wants to hear.

Jerry Hildenbrand
Jerry Hildenbrand

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.

  • That's an interesting read. But perhaps someone could explain why BlackBerry are able to patch their phones so quickly but Samsung can't?
  • Incentive maybe? BlackBerry has built their reputation on mobile security.
  • And that's the thing... I think you are overthinking this and it's a pointless topic to discuss. People who value security and appreciate companies that care buy Google phones or BlackBerry. Those who don't buy something else. It's a free market and people vote with their wallets. End of story. And I wish this topic would just be put to bed.
  • People who don't need to make sure they don't have anyone else's personal information in their contacts, social media apps, calendar, email or web history then.
  • That's a short sighted view you've got there friend. Google and Blackberry Android phones are not available in a lot of markets.
  • Perhaps it's a harsh statement (wouldn't call it short sighted). But even if Pixel or those BlackBerries (don't forget that there's also Android One) aren't sold in your country, there's always eBay, etc. And if the bands aren't supported (pretty sure they include all bands now) then I guess it's just tough.
    But expecting Google to somehow manage hundreds or even thousands of OEMs is unrealistic. Even if technically it's possible to have a "path" for Google to push updates to every single Android phone (nice dream), who's to say that some OEMs won't block it in some way? What about carriers?
    I'd say if you want to be mad at Google, be mad that Google isn't selling directly in more countries.
  • "pretty sure they include all bands now" LOL, are you out of your mind? All you need to do is look at ANY phone's list of bands, you'll see that there are ALWAYS gaps in the sequence, even for the OnePlus 5.
  • Ditto
  • Get real, most people are oblivious to this stuff. When they report it on the news, they don't educate anyone to which devices maintain their security better, they just say Android. Google needs to protect the users, period. Come up with a security certification seal and advertise it. Make manufacturers want the certification seal as a marketing point for their devices. This is easy, Google is being careless.. It can be free too.
  • But as referenced in the article, anything Google may do to "force" OEMs to get in line with security would be considered anti competitive by some governmental bodies. While I get what Jerry's saying that it falls on Google because they're the main company behind Android, it's not really the case. If everyone ran stock Android, the update could be pushed to everyone a lot more quickly. But OEMs like Samsung, LG, etc, choose to install their own UI skin on their Android devices. That adds another obstacle to get updates and patches out quickly. And in Samsung's case, the sheer number of devices makes it harder as well. Maybe if Samsung didn't put out different models that number in the double digits each year, they'd be able to get a better handle on this. But Samsung makes that choice to do that in both cases, so to lay the blame at Google's doorstep is a bit ridiculous. And to say Samsung, probably the largest in terms of employees and certainly the most profitable of the Android OEMs can't make it happen is as well. Hell many times they can't even get the monthly security patches out regularly. BlackBerry and Google can make it happen, but they run stock Android and only have a handful of different models. There I believe is the main factor. If Samsung whittled their number of devices down to at least less than 10 per year, and instead of an integrated custom UI made their software tweaks a custom launcher, they'd make this update issue a thing for the past. To say they couldn't do that with all the features isn't correct either. Motorola did it when they were owned by Google. Many of the features we have on our phones today, some form of always listening and and always on display, Motorola had 4 years ago, and they were separate apps that could be update independently of the main OS, which meant faster updates for not only those.apps, but also for the core OS and security patches, since they didn't have to hold each other up to send them out in the same update. So if Motorola could do it 4 years ago, why can't any of these larger OEMs do it now?
  • More important to them, blackberry has a reputation for being secure and they don't want to lose that just because of android.
  • They WANT to patch their phones, that's the difference....
  • If they didn't, what exactly would be the reason to purchase a BlackBerry device. Not trying to bad mouth the phones or anything, but that's one of their major selling point.
  • It depends on lot of things in my opinion. In how many countries they sell, what kind of testing they do and so on.
    Yes, Nexus and Pixel devices are the quickest receiving updates, but in all the years they've also been the ones with the most annoying bugs in my experience. On my Samsung devices I can't remember a big one (except during a beta testing I optedin) so I absolutely prefer slower but better tested updates over quick and dirty updates.
  • This is why I own a android powered blackberry.
  • Because Samsung has (too?) many lines of phones and other products with millions sold, while blackberry has barely 10% of that and only has like 2 phones
  • So how is this different from someone hacking your wifi card on your laptop???? I think as more the phone becomes a computer this will always be the case...not sure there's much you can do.
  • The opposite is true here. On a phone SoC, the Wi-Fi component isn't isolated the way it is on a PC. A WiFi chip on your PC acts on its own and is monitored by the system. On a phone, it's part of the system.
  • So this is going to be a a potential problem with W10 on arm? Off topic ofcourse, sorry for that. Just curious ☺
  • This should be, IMO, the catylist to put BlackBerry in a stronger position with other firms like Samsung to work on a device that is more secure from the core and each layer of the device. It would put a high end BlackBerry device on the market and help them and someone like Samsung. Win, win, if you ask me. But I wish it wasn't easier said than done.
  • THIS is the catalyst for people to move away from Samsung? Not the Note 7 explosions? (that they actively tried to cover up until they weren't able to deny it anymore)
  • Security on Android is fine.
  • Except it's not because most phones don't get the monthly security updates that Google releases. My unlocked Galaxy S7 was updated to the July patch yesterday but was previously on the April patch. 3 whole months without a single update and still on 7.0 not the latest 7.1.2. I'm going to get a Pixel 2 when it is released, I've had enough of Samsung's lack of updates.
  • Slow updates really don't bother me, I'd rather have better hardware and the extra software features. I have nothing critical on my phone.
  • Your in luck. My European unlocked HTC 10 is still with the January security patch :(
  • Ouch. It's a shame that HTC and Motorola have become so bad at updating their phones. When Samsung beats you, that's embarrassing. It really is looking like Google or Apple are my only choices going forward as those are the only two OEMs that can be relied on for frequent, timely updates.
  • My htc desire 10 lifestyle is on the June 17 patch
  • Yes and no. It's fine as in nobody is getting hacked, at least not in any numbers worth reporting. But very soon someone will find yet another flaw, and it will affect millions of phones. Google will patch it, and it will still affect millions of phones for a good while.
  • Oh got it. I'll take your word on that since you do know so much.
  • Isn't this already fixed on the Galaxy S8/S8+ with the July 2017 update?
  • For the models that got the July patch, yes. I'm sure the patch for other carrier branded models is coming shortly.
  • AT&T branded S8 here and I got they July update in the middle of July. I've had an update every month with the S8. Maybe Samsung and AT&T are starting to care.
  • Samsung has improved a lot. It's obvious they care (or they wouldn't do it at all). I only singled them out because Samsung is Android to so many people. I really think they are unable to get things done any faster, not unwilling.
  • BlackBerry KEYone checking in :D
  • And still I haven't seen a single person who has been a victim of any malware on Android - whether in my own social are or in forums. Personally I think that some people make it a bigger problem than it really is as .
  • So how would those in your social circle know if they had been the victim of malware? Most malware is designed for persistant exploitation, whether it it is click jacking or turning your phone into a bitcoin miner bot.
  • It is a problem, because some Android devices are literally the most secure mobile devices out there with iOS trailing somewhere behind less than ten devices. Problem is those 10 devices are less than 1% of the market. Most Android devices are still secure as long as morons don't sabotage their own security, but for the reasons provided, are much less secure than they ought to be. Dealing with any non Google or Apple oem is dangerous in itself because of having multiple sets of privacy and security protocols. Example, Google is the best major company in this game for privacy, but if you have a Samsung phone, that doesn't help much because Samsung is absolutely terrible on both privacy and security and your real protection is the weakest... You get the worst of all the fingers in the punch bowl.
  • There are a few things required for you to be secure on Mobile. 1.  You need to be on the most up to date OS version.  Right now, that's 7.1.2 (or any of the Betas higher). Being on 7.1.1 or 7.1.0 or 7.0.x is not the same thing and is inherently less secure.  Same thing applies to iOS builds, etc.
    2.  You need to leave your bootloader locked and avoid root, jailbreak, etc. Obviously there are reasons to do those things, but they all compromise security.
    3. You must be on a device that regularly gets security updates within 48 hours of them being released.  Right now that's Google, BlackBerry, Apple and sounds like Nokia is shooting for the same.
    4. Your device must be from an OEM that isn't going to compromise your security off the factory floor.  Huawei, Honor, ZTE and several others are off the list from the start.  Note, the Huawei Nexus so far is the sole exception as they had almost no access to the software that they leave compromised on their native devices.
    5. You must have Google Play Services working and on the latest version (on Android) and be using the Google Play Store as the source for all of your apps.
    6.  You cannot sabotage your own security by doing dumb af things, like disabling the security protections built into Android.  If you have 1 through 5 going for you and avoid dumb af things, it is as close to impossible as makes all odds to become compromised without other factors being involved, such as a "hacker" having physical access to your device and knowing your weak ass passwords, etc. All that hopefully sounds like common sense.  If it doesn't, that should start some questions being asked.
  • "You must be on a device that regularly gets security updates within 48 hours of them being released." How did you come up with 48 hours? Wouldn't zero hours be better? 48 hours sounds awfully arbitrary. For a phone that gets the security update two weeks later, the remainder of the month has the phone equally as secure in that aspect as Google's own phones.
  • 48 hours lead is approximately how long we have until the bulletin is posted publicly with a list of which vulnerabilities were patched. Those have a reference number to a detailed description, etc. An unsavory person with knowledge of which devices are patched against their favorite vulnerabilities can more easily and efficiently determine how best to attempt to breach device security. Getting the patch mid month means that there were many days with increased risk and getting it 2 months later is just multiplication of the risk.
  • Security against third party threats aside, the people keep forgetting that Google and Android are, in essence, a colossal ad corporation whose platform works as a huge vacuum cleaner, is scooping your data for its own use in first instance and, when necessary, you can for the US government (much like the others, but like Microsoft, Microsoft, Yahoo, Apple etc). There isn't inherently any safety on any device we currently use, but regardless of what they do to pretend to be improving their safety, it is Android devices leaks data round the clock. You need to just download a traffic sniffer to see what happens to your device. It connects to Google headquarters, and but also to NASA centers, pharmaceutical companies (depending on what app you are using). What these pings are doing and why they exist is unclear. Because it's single non Google apps doing the job and not Google itself often. Google is the enabler. And it's agnostic. You can use qq and we chat and see your connection going through Shenzhen, and where the base company is, and but part of your data also goes through Beijing. In substance, neither the platform nor the apps are safe or secure, it is by any means. And there isn't any alternative because people prefer free stuff and choice to security. And the two don't match well. You can't expect safety in an ecosystem based on fake free apps and a platform that's ad based and works for a lot of entities all of which seem very interested in knowing much more than they need about you. And it's in a regime of quasi monopoly.
  • Well said. Absolutely true. If using an Android powered device then you make a known compromise. You compromise some level of privacy and use of your data for the services they provide for free. Some people have no problems with this notion. I do to some degree but I like Android better than ios so I have to compromise. The best mobile os out there was BlackBerry 10. However, it didn't take off. Likely because BlackBerry 10 apps couldn't be monetized as well due to security requirements. I absolutely loved my Z10 and wish BlackBerry 10 was the mobile os but it fizzled. We are left with ios and Android. Maybe if Alphabet bought BlackBerry we would see BlackBerry 10 technology that would secure our devices. Maybe. I am sure BlackBerry uses some aspect of BlackBerry 10 in its devices to secure their devices. That is why I hope BlackBerry persists and it's partnership with TCL blossoms and new high end devices with exceptional security come forth. If so I will continue to use BlackBerry branded devices.
  • I agree blackberry was strong at this, but Apple and Microsoft are both worse for user privacy than Google. Microsoft gives themselves permission to sell your data and does so. Apple gives themselves permission, but does not do so and Google does not give themselves that permission.
  • You guys have very good comments - appreciated - And I agree
  • Google just needs to put their big boy pants on and get things done. Android phones make up a large part of the market. It's not like carriers and manufacturers have much choice.
  • Short of redoing the whole license agreement for the base Android code that all Android phones use, I don't see what else they can do.
  • And with the way things are going for Google in the EU, they'd call it anti competitive and fine them. The OEMs who put their own spin on the software made the decision to do so. If they'd run stock Android, the patch could've gone out almost as quickly as Google or BlackBerry (dependent on drivers and SOCs where applicable). But with the software tweaks the made to Android, no they have to test it against those software tweaks, which means more time before the update gets pushed to end users. Those companies made the decision to customize the software, and customers with any knowledge of phones (many don't and just buy what's popular) made the decision to buy those devices. It would be like if I bought a 2 seater and then complained about only being able to transport 2 people. The companies who made the tweaks and customers who bought the devices need to take responsibility for their actions.
  • I think it is important to keep having this conversation. I think it helps breed out complacency in all parties involved. Also, to some degree, shows the phone makers their efforts on security matter to many of us.
  • All iPhone from 3GS to iPhone 7 usa broadcom chip and are vulnerable. The patch comes with latest iOS 10.3.3, which just released recently.. Does iPhone 3gs - iPhone 4 get latest iOS 10.3.3 update? So is much worser with iPhone than Android devices. Also this isnt first time iPhone have Wifi security problem.
  • By that logic it would be worse on Android then if we're talking older versions of software. There are tons of budget devices still for sale with 4.4 that will never see an update for the life of the device. There are also many more people using older Android devices than iOS devices.
  • According to ars, only iPhone 5 and up use the chip and was patched in 10.3.3. Which is 5 years of updates. Android can't touch that.
  • Not to mention you don't even know what you're talking about. Even the article you linked to says it only affects the iPhone 5 and up. Not sure where you got 3GS and up...
  • I think they were confusing the iPad with the iPhone. IIRC one of the articles on this subject stated that iPads since the beginning have used the affected Broadcom chip.
  • Google phones do NOT have the problem but other Android phones do and it is on Google? Do not think the author would do well in a logic class. Simply buy an iPhone or a Pixel and the problem is solved. This is also how you get the other Android OEMs to get their act together. How capitalism works. Or do you want the government to regulate? Google to come down with a heavy hand? BTW, I have NEVER had a single problem with an Android phone and do not know anyone else that ever has. I have had problems in the past with Windows as everyone I know has. I am NOT convinced there is actually an Android issue for "real" people.
  • Google owns Android, so they do have a responsibility. They have a shared responsibility with the carriers and OEMs to take care of their customers.
  • Right but Google can't control whether oem's update their version of Android with the latest security patches and software updates.
  • This is right from the article:
    "That means millions and millions and millions of other Android-powered phones are still vulnerable. Including the Galaxy S8, even though every Android partner has had access to the patch as long as Google and BlackBerry and Apple have." So Samsung, LG, and all the other Android partners have had access to the fix for as long as Google and Apple have. The difference is, most Android OEMs have custom UI skins that require more effort to make the patch work with their custom software. The phones that run stock or near stock Android, Google's and BlackBerry's devices, are patched. And as it also stated in the article, Google can't force them to update their devices beyond the current licensing agreement, which is under fire in the EU for being anti competitive. I'm sorry but this is on the OEMs who made the decision to tweak the stock Android software.
  • I wished very much to get frequent security updates. I love updates! However, let's not forget that 99% of security breaches happen because of the users. It's the same as with PCs. Common sense, a healthy skepticism when browsing the web, clicking every link in your mail inbox, flashing apps not from Google Play. I could go on and on. Also, most of this stuff happens in China and other such markets. For one, there are more cheap Android phones from unknown local manufacturers, running outdated OS versions in circulation, and second, often there is no access to the Play store.
    So, personally I'm not really worried but that doesn't mean I wouldn't welcome positive changes!
  • I've read through all the comments so far, but haven't seen anyone mention the use of a VPN, would this help with some level of avoidance of these security holes? Or am I thinking in the wrong direction
  • A VPN masks your ip address, I don't see how that would provide you any additional security. If there is a vulnerability in Android or in the firmware of the phone you would still be susceptible to that flaw.
  • Why do you think a VPN is at all relevant here? VPN's are for protection in transit when on an untrusted network, they don't protect against client-side security holes.
  • Not only have I heard of very few issues regardless of OS, but those I have heard of have all been easily avoidable user errors - i.e. sideloading sketchy apps, or phishing attacks. Vigilence is important but let's not overhype the actual problem here.
  • This Broadcom Wifi vulnerability only requires you to be in the wrong place at the wrong time (with Wifi enabled), something one can't know in advance and thus easily avoid (other than nevar permitting Wifi to be enabled except at secure locations).
  • Google owns Android but I don't fully think they own the software on the phone after a company like Lg or HTC adds their modifications to it. When I see Samsung or other vendors phones I feel like they are responsible for what is on that phone. Talked with a lady next to me on a public transit bus. I asked her what kind of phone she was using. She replied "a cricket". Most people think they are using a carrier phone and with amount of carrier modification in the phone ..they are. So the only people that are concerned about this are us tech people and news organizations. With the coming project treble if companies can't get the security updates on the phone in a timely manner then as far as im concerned those companies own the problem. Me..I'm continuing to stick with Google phones for as long as they are available to me.
  • Finally someone else sees it.
  • Google owns AOSP. Google doesn't exclusively own Android. When OEMs fork AOSP, those forks are still called Android, but are owned by the OEM.
  • I understand this can be a big deal, but let's be honest. The public doesn't care and won't care until there's some big hack. Then manufacturers will take it more seriously.
  • If Google was actually concerned they could deny Google services to affected phones. This would immediately put the burden on carrier / manufacture to supply a patch or update. Having been a smart phone user since the start it seems ludicrous that the chicken little stories show up every couple months. It is as if they want issues like this to happen. E.G. "If you bought the Pixle, you would be safe"
  • Ok, say they do that, block any affected devices from Google services. While it would certainly put pressure on the OEMs to get them out, it would violate their own licensing agreement. And currently, that licensing agreement is being called too restrictive already by governmental bodies like the EU. But if they did that, the only ones really being hurt would be the end users, as who knows how long it would take the OEM to patch it. If it takes them months, that's ok to deny affected end users access to Google services? I think you'd see a ton of legal action against Google if they did that.
  • A friend posted on this today. I have a T-Mobile Nexus 6 which hasn't received an update since April 2017 (and was still running 7.0). So, I took the plunge and updated to 7.1.1 July 2017 update, via adb. Issue addressed, and problem solved. I realize everyone won't sideload with something like adb or fastboot. But now that I've done it, I question why I waited as long as I did.
  • That's good for you and owners of Nexus/Pixel phones, but A) your average user doesn't have the technical skills to pull that off and B) most phones bootloaders are locked. Manually updating is not really an option for the majority.
  • The problem is that releasing software updates for all the various phone models in use costs a significant amount of money. I bet if the phone companies could charge a large enough fee for delivering software updates to customers they would be much more interested in doing it. Unfortunately consumers have been conditioned by the PC industry (Microsoft and Apple) to expect software fixes for free.
  • Does the author seriously believe that the second-biggest phone manufacturer in the world with gigantic amounts of revenue can't hire a few people to keep their phones updated? Samsung doesn't care about their customers in the least. They've demonstrated it often enough.
  • I thought the same thing. They sell so many phones. That's their only agenda. Sell sell sell and instead of updating phones, get people to buy new ones. I love my s8 but my s7 edge was a piece of junk and although I'm on latest patch, it should be on 7.1.2 already. Samsung only cares about money and selling, not updating. So many Samsung phones out there aren't patched it's ludicrous.
  • This is an issue that has been on my mind lately as I decide about getting new phone. Because I use my phone for both work and personal use, I am extremely concerned with having the most secure device possible. While Project Treble looks promising, it also looks like PT will still rely on the manufacturers to send out the security updates, which will will continue the track of some will be better than others. What Google really needs to do is take over the process themselves. I wonder if they can create an app to handle updating security or process sort of like they update Google Play services, Thus they could push out updates on their own ala Apple. Even if they charged a nominal fee, it would be worth it to those of us who highly value updated security protocols.
  • This is no different than MS having to take the blame for things like when Lenovo shipped 'Snapfish' on their laptops...MS takes the heat for a vendor installed software issue. Same thing...with MS being less in the public eye, and Google / Android stepping into it...this is just the price they pay...nbd
  • The security issue is really stupid and can be fixed today. Just add security patches to the list of requirements to licensing Android. Done! You can't or won't patch then your license is pulled. See how easy that was? No more bs, all these oems love those fat margins associated with selling phones. But they lack the resources for security patches, huh? They're not even doing the hard work, Google is giving you the patches every month. There is no excuse other than laziness and or greed. They just don't want to expend the time and money it takes to patch their code. All they want is the profits and not having to support it beyond a year.
  • Fat margins associated with selling phones? LOL, that's really funny! I guess you didn't read the article Jerry posted recently about OEMs barely being able to give away 7% or so of the price of a phone to Qualcomm.
  • That has more to do with them not wanting to pay rather than their ability to pay. And yes, there are fat margins on a $200 slab of glass and metal. I don't care about R&D and blah,blah,blah just save it. If there weren't these huge profits on phones nobody would be making them. No margins? That's why there are a thousand Chinese oems making phone because they all want to make $3 per phone, is that about right?
  • Hui! Yesterday I was complaining about all those none existing security updates and right now I'm downloading the latest patch for my Note 5. I really thought after the Nougat update a few months ago Samsung was done. 👍
  • Jerry wrote "All software ever written has bugs." Some programs, by their very nature, don't have bugs. Pretty much any Hello World program, for example. Or yes, no, and probably cat.
  • Software is hard indeed. there is so much to keep an eye on. it's even a tough job for a regular QA guy.