

Froyo has a few bugs in it.  (Source: rainab on Flickr)
Many of these bugs could expose private user info, much like the recent Apple iPhone bug

Android may be open source, but that doesn't make the popular smartphone operating system invincible to security problems.  Hot on the heels of a recently discovered iOS 4.1 vulnerability that could give malicious users access to a locked iPhone's phone app, messaging app, and more, a plethora of Android vulnerabilities have been identified.

The new Android vulnerabilities were discovered by researchers at security firm Coverity.  In their Coverity Scan Open Source Integrity Report, the researchers scoured 61 million lines of open source code, including the Android OS source used in the popular HTC Droid Incredible.  Code from Apache, other Linux kernels, PHP, and Samba was among the 291 open source projects examined and compared to the Android kernel.

The team identified 359 bugs in the code.  Of these, 88 (roughly 25 percent) were categorized as "high risk" -- bugs that could endanger users' privacy.

Coverity gave Android mixed praise for the quality of its code.  It said that Android had a lower density of bugs per thousand lines of code than average open source software.  But it also said that Android had a higher bug density than the highly scrutinized Linux kernel and that some of the critical bugs should have been caught before release.

While every Android distribution is slightly different, even for the same operating system number, it is thought that these vulnerabilities likely appear in most Froyo-equipped Android phones.

Google has responded quickly to Coverity, reportedly preparing over-the-air fixes that will be delivered by January at the latest.  Coverity is holding off on releasing details of the vulnerabilities until those fixes are delivered.  Over-the-air fixes are one reason some security experts say Android's security is superior to that of the Apple iPhone (iOS does not have over-the-air OS updates).

Google now has something in common with Microsoft -- as the market leader in a major OS segment, it is the highest profile target for exploitation.  Google owns nearly half of the U.S. smartphone market, while RIM and Apple each have roughly a quarter of the market.



Comments

RE: Not really open source
By Flunk on 11/3/2010 11:20:33 AM , Rating: 4
It all depends on your definition of open source. By the loosest definition open source only means that the software is provided with the source at the time of release, which Android is.


RE: Not really open source
By Aloonatic on 11/3/2010 11:47:37 AM , Rating: 1
and who it is open to.

Isn't Android open to manufacturers to tinker with, but not for end users/the general public etc.


RE: Not really open source
By SkullOne on 11/3/2010 1:19:27 PM , Rating: 2
Go Google CyanogenMod


RE: Not really open source
By foolsgambit11 on 11/3/2010 5:31:07 PM , Rating: 2
Android is made available under the Apache Software License (except the kernel, which is GPL), which allows us to distribute modified versions of the software. As I understand it, they chose the Apache license so that handset makers wouldn't be obliged to release any modifications they make to the code. However, I have heard complaints that Google takes a while to update its code repository to the currently released version. It's not that you can't tinker with Android, it's that it's hard to get it working on an actual handset because the drivers for phone hardware are proprietary and not publicly released. Still people manage, like those who have managed to get higher versions of Android running on their phones while waiting for their carriers to put out an upgrade.


RE: Not really open source
By Aloonatic on 11/4/2010 3:22:49 AM , Rating: 2
Thanks for the replies :o)

I'm not sure why I got rated down for simply asking a question, though maybe it was as my wording changed in edit and I forgot to add a question mark maybe? So many petty, sad little people on here.

Wouldn't be the same without you tho guys :o)


RE: Not really open source
By Lazarus Dark on 11/5/2010 6:54:12 PM , Rating: 2
That is exactly the issue. While you could do whatever on say... an arm-based motherboard with all standard components, there is NO standard for phone hardware, therefore no standard drivers, you have to create drivers for each phone as it is now. I would hope that with say, arm-based nettops (like google tv) or netbooks, there may hopefully be more standardized components. But I understand the current phone-hardware climate just won't allow this for probably a few more years.


RE: Not really open source
By bug77 on 11/3/2010 12:47:04 PM , Rating: 2
True. I was just trying to point to the fact that while Android is compared (in this study) to other open source projects, it doesn't reap most of the benefits of being open source. So it's not really comparing apples to apples. But in the end, who cares?


RE: Not really open source
By omnicronx on 11/3/2010 12:53:37 PM , Rating: 2
Is that not more of a GPL restriction than an 'open source' restriction? I.e. it is not specifically tied to a release.

As long as the source code is made public (whenever that may be), enabling anyone to copy, change, and/or redistribute said code without paying any fees or royalties, it can be considered open source...

Although the definition can be construed in a broad variety of ways ;)


Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki