I think the overuse of third-party code libraries is a big part of the problem that no one wants to talk about. They are a prime target for those who want to subvert device security. They know that if they can infiltrate an organisation or project that develops a code library and introduce a security flaw, it will potentially affect millions of users, and most developers are not going to examine the code in code libraries; they just use the functionality they need for their project. I think there should be a website where all the individual classes that are bundled together in libraries are posted, ready for developers to copy-paste directly into their project. Especially crypto. Developers would be far more likely to go over the code and spot bugs if they did that. Try and search for source code for any well-known crypto; it is hard to find. They always are saying don't roll your own crypto, use the code libraries. Yeah, sounds to me like advice to make sure the security flaws they introduce affect everyone.