
Froyo has a few bugs in it.  (Source: rainab on Flickr)
Many of these bugs could expose private user info, much like recent Apple iPhone bug

Android may be open source, but that doesn't make the popular smartphone operating system invincible to security problems.  Hot on the heels of a recently discovered iOS 4.1 vulnerability that could give malicious users access to a locked iPhone's phone app, messaging app, and more, a plethora of Android vulnerabilities have been identified.

The new Android vulnerabilities were discovered by researchers at security firm Coverity.  In their Coverity Scan Open Source Integrity Report, the researchers scoured 61 million lines of open source code, including the Android OS source used in the popular HTC Droid Incredible.  Code from Apache, other Linux kernels, PHP, and Samba was among the 291 open source projects examined and compared to the Android kernel.

The team identified 359 bugs in the code.  Of these, 88 (roughly 25 percent) were categorized as "high risk" -- bugs that could endanger users' privacy.

Coverity gave Android mixed praise for the quality of its code.  It said that Android had a lower density of bugs per thousand lines of code than average open source software.  But it also said that Android had a higher bug density than the highly scrutinized Linux kernel and that some of the critical bugs should have been caught before release.

While every Android distribution is slightly different, even for the same operating system number, it is thought that these vulnerabilities likely appear in most Froyo-equipped Android phones.

Google has responded quickly to Coverity, reportedly preparing over-the-air fixes that will be delivered by January at the latest.  Coverity is holding off on releasing details of the vulnerabilities until those fixes are delivered.  Over-the-air fixes are one reason some security experts say Android's security is superior to that of the Apple iPhone (iOS does not have over-the-air OS updates).

Google now has something in common with Microsoft -- as the market leader in a major OS segment, it is the highest profile target for exploitation.  Google owns nearly half of the U.S. smartphone market, while RIM and Apple each have roughly a quarter of the market.

Comments

RE: Not really open source
By Orpheus333 on 11/3/2010 10:48:35 AM , Rating: 0
I disagree, citing the many different mods you may run. For instance, I use cyanogen mod 6.

RE: Not really open source
By Alexstarfire on 11/3/2010 10:53:46 AM , Rating: 2
You do realize that those mods only came out AFTER the source code for that version of Android was released into the wild? Hell, it's why I'm still waiting for a modified Froyo ROM for my Captivate. Samsung hasn't released an official version yet for people to start modifying. Once they do, the mods come out pretty quickly though.

RE: Not really open source
By ninjaquick on 11/3/2010 12:29:41 PM , Rating: 2
All a mod team has to do is write the drivers. If the source code is opened up that makes it easier, but the fact remains that Android is completely open source, meaning you can do whatever you want to it from Google's source. Anything closed source (aside from GAPPS) would be due to manufacturers or carriers being d1cks.

RE: Not really open source
By Klober on 11/3/2010 5:09:46 PM , Rating: 2
Hey Alexstarfire,

Just FYI, I'm already running a Froyo ROM on my Captivate and have been since the beginning of October (started with Cognition v2.2 BETA3). I'm currently running Cognition v2.2 BETA9.1.3 (based on JI6 Froyo leaked ROM) and it's working great.

My phone sips battery juice now - one day last week when I was paying attention I was 4 hours off the charger and still at 100%, and at the end of my work day (over 10 hours off the charger) with some email and 3G web browsing I was still around 83%. Right now I've been off the charger for 8 1/2 hours with browsing, updating apps, email, texts and browsing the market and I'm still at 73%.

I'm pretty happy so far, but tonight or tomorrow I'll probably do a full backup and try out the newest Cognition ROM (v2.3b1) to see the differences and see how it fares since it's based on JJ4 which is the newest Froyo leak.

I don't know if that's what you meant by a modified Froyo ROM, but if it is and you want more info let me know.

RE: Not really open source
By Alexstarfire on 11/3/2010 11:28:43 PM , Rating: 2
I know about it. I haven't gotten it since there are supposed to be several bugs. Been waiting for the official ROM. Could have changed since they are on version 2.3 beta now.
