Hundreds Of Software Flaws Found In Android
New open-source software integrity report from Coverity shows one-fourth of defects in the Android OS pose security problems
Google's popular Android mobile platform kernel contains more than 350 software flaws, one-fourth of which are high-risk for security breaches and system crashes, a newly released analysis of the open platform has found.
The Coverity Scan 2010 Open Source Integrity Report reveals the findings of testing by Coverity of more than 61 million lines of open-source code from 291 open-source projects, including Android, Linux, Apache, Samba, and PHP. Coverity specifically studied the open Android kernel 2.6.32 of an HTC Droid Incredible smartphone, but the report says other Droids likely have the same defects.
Google says around 65,000 Android devices ship each day, and industry experts project the smartphone platform will become the second largest worldwide by 2012.
The test found 88 high-risk defects in Android (25 percent of all defects) that mainly encompassed memory corruption, memory illegal access, and resource leak-type flaws that could crash the system or result of loss of data. The defects were thought to be in the shipping version of the HTC Droid Incredible, the report says.
But there's some good news here, too: "The Coverity Scan results for the Android kernel we tested show a better than average defect density, meaning this specific kernel is shipping with fewer defects than the industry average for software of this size," said Andy Chou, chief scientist and co-founder of Coverity, in a statement. "However, a significant number of these defects are the high-risk types that our customers typically fix before shipping their products to market. We believe that highlighting these risks proactively provides developers and OEMs with an opportunity to fix these defects before they become a problem."
Meanwhile, close to 50 percent of the flaws Coverity Scan found in all open-source software tested were "high risk," and the most common defects include memory corruptions, NULL pointer references, and resource leaks, according to the report, which is available here.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
Read more about:
2010About the Author
You May Also Like