Re: What can't you do on Android WITHOUT a Google Account set up in the OS?

Jeff Layman <Jeff@invalid.invalid> wrote:

I don't disagree, but that's what happens over a long development time.
However, nobody else is better placed than those inside Google to know
what Android does. And that's what  concerns me - who knows what
"innocent" code they've included that nobody else knows about? Have
Graphene and others /really/ looked through all the code and know what
it does?

As a software QA tester, I would visit the programmer responsible for
the part of the software they were working on to ask about testing
procedure, and about what-if scenarios.  Too often they didn't know, it
was someone else's coding job, but that guy only knew that code, and not
the entire product, and often the response to many what-if scenarios is
they wouldn't happen (but I can reproduce them then so can customers).

Too often the programmers would add "innocent" code they thought was
helpful, but didn't like when I required a new check-in code branch
which exposed their little changes, and their little fixups as a result.
When they made even a little change, we in QA had to come up with
testing for it, but the devs didn't document the changes in the
Functional or Engineering Spec docs, and we'd find it by accident.  We
had weekly review meetings during development, and sometimes I'd ask a
question that had all the devs turning their heads, and no one offering
a response.  Too many cooks making a meal.

I haven't heard that the Android OS or Graphene OS have had independent
audits despite they may be free open source.  FOSS doesn't guarantee
anyone outside the dev team has inspected the code.