Nearly 100 ‘high risk’ flaws found in Android OS

InvisibleSHIELD.  Scratch Proof your iPhone 4!“The central kernel of the Android mobile operating system has hundreds of defects, according to new research,” Jennifer Scott reports for IT PRO.

“The study, undertaken by Coverity, revealed 359 flaws, with 25 per cent of of them being ranked as ‘high risk.’This ranking meant they were likely to cause a security breach or crash a device running the operating system,” Scott reports. “Andy Chou, chief scientist and co-founder of Coverity, said… ‘a significant number of these defects are the high risk types that our customers typically fix before shipping their products to market.’”

Scott reports, “Chou said the aim of the report was to give the makers of the software a chance to fix things before they became a problem but the Android study was of Froyo, which is already shipping in a number of mobile devices.”

Full article here.

MacDailyNews Take: Have fun with your mobile banking, iPhone have-nots!

[Thanks to MacDailyNews Reader “Dan B.” for the heads up.]

30 Comments

  1. This headline is really misleading. One of the main points made was that Android has an extremely LOW number of flaws for a OS with this amount of code.

    MDN is definitely not a “no spin zone”

    Mac OS (and iOS) has its own major flaws, and Apple is typically slow to fix them. The only thing protecting iOS users is Apple’s control over what they allow apps to do via their app review for the app store

  2. It has taken, what, over 6 or 7 years to bring iOS to where it is now (counting initial development/research time)? And these guys think their first or second serious iteration is going to compete with a mature, tested operating system?

    Just wait until the hackers REALLY get ahold of a widely-disseminated Android tablet. People will be pulling their hair and eyebrows out of their skulls with grief and anger!

    Haste makes waste, Eric. But, then again, you deserve everything that is about to befall you.

  3. @critic

    “The only thing protecting iOS users is Apple’s control over what they allow apps to do via their app review for the app store”

    Yes. That was Apple’s intent. Seems like that choice is a sound one. And it’s not like Apple thought hey we have a crappy kernel lets throw in a walled garden just to be on the safe side. It’s not like they did this and thought, wow we just dodged a bullet. Aren’t we proud of ourselves. This is planning, preparation and pragmatism. I applaud it.

  4. No its not “really misleading”. Android was never developed with any attention to security because Googles business model is to monetize users personal information. Security is way down on the list as is UI and pretty much everything else.

    Apple’s “major flaws” do not result in real world problems where Androids do.

  5. @Randian

    “It has taken, what, over 6 or 7 years to bring iOS to where it is now”

    Actually, iOS is just the core OSX with essentially a different UI. And OSX is essentially NeXTSTEP OS which got it start when “a team led by Avie Tevanian, who had joined” NeXT “after working as one of the Mach kernel engineers at Carnegie Mellon University, was to develop the NeXTSTEP operating system.”

    http://en.wikipedia.org/wiki/NeXT

    So it’s been around a damn long time longer then 7 years. Just sayin.

  6. @critic

    The relevant missing section:
    Andy Chou, chief scientist and co-founder of Coverity, said: “The… results for the Android kernel we tested show a better than average defect density, meaning this specific kernel is shipping with fewer defects than the industry average for software of this size.”

    This is the part I like:
    “…of this size.”

    So the metric is defects per kilobyte? What difference does that make. There are 359 flaws 25% of which are high risk.
    So 90 high risk flaws which the article points out are the type usually addressed before shipping a product.

    Now who is spinning?

  7. @critic

    Your critique is really misleading. While the original article does note the Android kernal shows a better than average defect density, the comparison seems to be to other open source products such as Linux, Apache, and PHP. Other than Linux which is used by what 0.00001% of computer users, the other products are intermediary products that are incorporated into other operating system environments. The Froyo version of Android is an end user product that is used by millions of smartphone users.

    Like MDN says, if you are doing your mobile banking on an Android phone, I hope you keep your balance real low.

  8. They need to accidentally post the defects so hackers can play with them ” width=”19″ height=”19″ alt=”wink” style=”border:0;” />

    And ten make an app to let us iPhone users mess with the android fanboi’s.

    Walk by an annoying android fanboi… Launch app, press the “wipe nearest android phone” button, and watch them cry ” width=”19″ height=”19″ alt=”smile” style=”border:0;” />

  9. The very fact that iOS can be jailbroken repeatly even before release and by using Safari at a website even doesn’t speak highly of Apple’s programming or security attention skills.

    Android has flaws, but it’s because it’s code is open to inspection that these flaws were found.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.