Froyo has a few bugs in it.  (Source: rainab on Flickr)
Many of these bugs could expose private user info, much like recent Apple iPhone bug

Android may be open source, but that doesn't make the popular smartphone operating system invincible to security problems.  Hot on the heels of a recently discovered iOS 4.1 vulnerability that could give malicious users access to a locked iPhone's phone app, messaging app, and more, a plethora of Android vulnerabilities have been identified.

The new Android vulnerabilities were discovered by researchers at security firm Coverity.  In their Coverity Scan Open Source Integrity Report, the researchers scoured 61 million lines of open source code, including the Android OS source used in the popular HTC Droid Incredible.  Code from Apache, other Linux kernels, PHP, and Samba was among the 291 open source projects examined and compared to the Android kernel.

The team identified 359 bugs in the code.  Of these, 88 (roughly 25 percent) were categorized as "high risk" -- bugs that could endanger users' privacy.

Coverity gave Android mixed praise for the quality of its code.  It said that Android had a lower density of bugs per thousand lines of code than average open source software, but a higher bug density than the highly scrutinized Linux kernel, and that some of the critical bugs should have been caught before release.

While every Android distribution is slightly different, even for the same operating system version number, it is thought that these vulnerabilities likely appear in most Froyo-equipped Android phones.

Google has responded quickly to Coverity, reportedly preparing over-the-air fixes that will be delivered by January at the latest.  Coverity is holding off on releasing details of the vulnerabilities until those fixes are delivered.  Over-the-air fixes are one reason some security experts say Android's security is superior to that of the Apple iPhone (iOS does not have over-the-air OS updates).

Google now has something in common with Microsoft -- as the market leader in a major OS segment, it is the highest profile target for exploitation.  Google owns nearly half of the U.S. smartphone market, while RIM and Apple each have roughly a quarter of the market.

Comments

RE: Endless Beta Syndrome
By uhgotnegum on 11/3/2010 12:46:12 PM , Rating: 4
Apple appreciates your comment. Apple would also like for you to continue thinking that Apple's products are always delivered complete... on annual software updates.

This is, of course, done for your benefit. That way, you can easily consider what Apple delivers to you "complete" and "really there." More than once a year would be confusing to our users, and if it were an app, we'd have to reject it.

RE: Endless Beta Syndrome
By NanoTube1 on 11/3/2010 6:21:24 PM , Rating: 2
I trust steve jobs with my iLife!

Ok ok... I'm just screwing around. A troll trap kind of comment.

Honestly, I love Android, it's a hell of an OS and the top tier phones are really good. But some of what I said is true, Google has this annoying tendency to release beta quality software and keep it that way for months on end - a tendency Apple is adopting for some reason. I am also surprised they found so many security bugs in Froyo - that is NOT characteristic of Google! 88 security related bugs!! Meh... kind of disappointing to be honest.

RE: Endless Beta Syndrome
By jithvk on 11/3/2010 8:12:25 PM , Rating: 2
I trust steve jobs with my wife!

Fixed it for ya...

RE: Endless Beta Syndrome
By NanoTube1 on 11/4/2010 11:46:54 AM , Rating: 2

RE: Endless Beta Syndrome
By uhgotnegum on 11/4/2010 6:37:49 PM , Rating: 2
Not one to post a sarcastic, attention-seeking (oh, and "primarily substanceless") comment and never return to see whether the DailyTech public likes me, I am back! I'm switching gears, though, and posting a real that nobody will ever come back to this article.

I understand and agree with your "beta quality" point re early Android, but I really can't think of other examples. As someone who uses a majority of Google's web, software, and recent Android offerings, I have not really had any "beta quality" experiences. I have had some glitches and "oh, they should've included that"s, but no more than I would expect from any other software or web service.

I'm curious, what experience(s) got you to your opinion?

The only (meaningful) point of my original comment is that I think Apple and Google have very different ideas as to how "beta" is defined and how that phase is implemented in their business models. Personally, I prefer Google's, which seems more agile...more able to address issues that arise in reports like the one from this article. Apple seems to rely on itself, internally, to identify and resolve problems, and a report like this would be reviewed, worked on internally, and then released as part of a "big" update.

If I'm right, it makes sense, b/c part of Apple's revenue is based on selling their new software, whereas Google's revenue is based on your use of the software.

...ok, enough of me.

RE: Endless Beta Syndrome
By NanoTube1 on 11/4/2010 8:01:44 PM , Rating: 2
Not one to post a sarcastic, attention-seeking (oh, and "primarily substanceless") comment and never return to see whether the DailyTech public likes me, I am back! I'm switching gears, though, and posting a real that nobody will ever come back to this article.

My my, you built yourself a small conspiracy story over there! Awww... how sweet.

As for Google and their beta software, well, I had many issues with GMail when it was beta, first versions of Android were pretty rough (88 high risk security issues in v2.2 is not exactly nice either), Mmmmmm let's see.... Wave? Buzz?... beta is not only bugs, beta is also when you don't think through the UI or Privacy or any other issue that influences the user.

I think it was one of their founders that said something like "we throw a lot of things at the wall and see if it sticks"... well, how good can version 1.x of such software be? Inherently beta grade, which it is.

Copyright 2016 DailyTech LLC.