
INSECURITY EXPERTS at Coverity have issued a report on kernel flaws found in the Android mobile operating system.
The "Scan 2010 Open Source Integrity Report" picked one flavour of Android because each kernel is tinkered with by the hardware maker.
It chose the HTC Droid Incredible to pull to bits because one of the sales engineers had one and wanted to know how bad it really was. Not the most scientific selection process but better than sticking them on the wall and throwing a dart at them.
It turned out that the Android operating system on the sales engineer's phone had some bugs.
The average defect density for the Android kernel was 0.47 defects per 1,000 lines of code. This is actually pretty good: about half the industry average of 1 defect per 1,000 lines of code.
There were 359 defects in total, of which 88 were "high risk", a category that includes memory corruption, resource and memory leaks, and uninitialized variables.
The Android-specific portions of the kernel have a higher defect density than the rest of the Linux kernel.
The security outfit found the code on HTC's developer site, then configured, built, and analyzed it.
It is sending all the details to HTC and other insecurity outfits before it goes public with them. Otherwise you might get some nasty hackers having a field day. µ
Hey, this is great news for the Android users, but not all of them. There are plenty of people stuck on the 1.6 and older kernels. So while security will improve in the long run, more people are going to be in trouble if they can't upgrade. Thanks to Android I get screwed twice: once by Samsung for not releasing an update, then after these flaws are out in the wild.
As far as finding out what flaws are in iOS: they don't release source code, so it's a mystery. But be assured that there are always flaws.
How many faults does iPhone OS have? Perhaps these blokes should get hold of an iPhone and test that?
But because it's open source, it allows 3rd parties to easily inspect/test/assess and, more importantly, FIX these bugs. How many bugs do closed mobile OSes have? Who knows! Now that to me is more scary.
The author doesn't even mention what version of Android. I guess that those flaws are forever.
Coverity has been testing open source software since 2006.
http://scan.coverity.com/
A bug is a bug. It shouldn't be sensationalised, prioritised, played down, or even swept aside for another day...It should be fixed (or the whole component be re-designed)...Period.
The Android security team has 60 days before the details become public.