DailyTech - 88 Serious Security Bugs Identified in Android 2.2 "Froyo"

Submit News

Gadgets 88 Serious Security Bugs Identified in Android 2.2 "Froyo"
Jason Mick (Blog) - November 3, 2010 10:11 AM

30 comment(s) - last by Lazarus Dark.. on Nov 5 at 6:54 PM

Froyo has a few bugs in it. (Source: rainab on Flickr)

Many of these bugs could expose private user info, much like recent Apple iPhone bug

Android may be open source, but that doesn't make the popular smartphone operating system invincible to security problems. Hot on the heels of a recently discovered iOS 4.1 vulnerability that could give malicious users access to a locked iPhone's phone app, messaging app, and more, a plethora of Android vulnerabilities have been identified.

The new Android vulnerabilities were discovered by researchers at security firm Coverity. In their Coverity Scan Open Source Integrity Report the researchers scoured 61 million lines of open source code, including the Android OS source used in the popular HTC Droid Incredible. Code from Apache, other Linux kernels, PHP, and Samba were among the 291 open source projects examined and compared to the Android kernel.

The team identified 359 bugs in the code. Of these, 88 of them (roughly 25 percent) were categorized as "high risk" -- bugs that could endanger users' privacy.

Coverity gave Android mixed praise for the quality of its code. It said that Android had a lower density of bugs per thousand lines of code than average open source software. But it said it had a higher bug density than the highly scrutinized Linux kernel and that some of the critical bugs should have been caught before release.

While every Android distribution is slightly different, even for the same operating system number, it is thought that these vulnerabilities likely appear in most Froyo-equipped Android phones.

Google has responded quickly to Coverity, reportedly preparing over-the-air fixes that will be delivered by January at the latest. Coverity is holding off on releasing details of the vulnerabilities until those fixes are delivered. Over-the-air fixes are one reason some security experts say Android's security is superior to that of the Apple iPhone (iOS does not have over-the-air OS updates).

Google now has something in common with Microsoft -- as the market leader in a major OS segment, it is the highest profile target for exploitation. Google owns nearly half of the U.S. smartphone market, while RIM and Apple each have roughly a quarter of the market.

Comments

Threshold

Username
Password
remember me

This article is over a month old, voting and posting comments is disabled

RE: Not really open source

By Klober on 11/3/2010 5:09:46 PM , Rating: 2

Hey Alexstarfire,

Just FYI, I'm already running a Froyo ROM on my Captivate and have been since the beginning of October (started with Cognition v2.2 BETA3). I'm currently running Cognition v2.2 BETA9.1.3 (based on JI6 Froyo leaked ROM) and it's working great.

My phone sips battery juice now - one day last week when I was paying attention I was 4 hours off the charger and still at 100%, and at the end of my work day (over 10 hours off the charger) with some email and 3G web browsing I was still around 83%. Right now I've been off the charger for 8 1/2 hours with browsing, updating apps, email, texts and browsing the market and I'm still at 73%.

I'm pretty happy so far, but tonight or tomorrow I'll probably do a full backup and try out the newest Cognition ROM (v2.3b1) to see the differences and see how it fares since it's based on JJ4 which is the newest Froyo leak.

I don't know if that's what you meant by a modified Froyo ROM, but if it is and you want more info let me know.

Parent

RE: Not really open source

By Alexstarfire on 11/3/2010 11:28:43 PM , Rating: 2

I know about it. I haven't gotten it since there are supposed to be several bugs. Been waiting for the official ROM. Could have changed since they are on version 2.3 beta now.

Parent

"We are going to continue to work with them to make sure they understand the reality of the Internet. A lot of these people don't have Ph.Ds, and they don't have a degree in computer science." -- RIM co-CEO Michael Lazaridis

Android Devices Seize Larger Lead in the U.S. Market, iPhone Remains Best-selling Smartphone
November 1, 2010, 12:02 PM

Apple iOS 4.1 Security Hole Revealed
October 26, 2010, 8:15 AM

Hacker Says iPhone is Incredibly Insecure, "Useless" for Businesses
July 24, 2009, 1:42 PM

Latest Headlines

Report: Next-Generation Surface RT Tablet to Feature Qualcomm's Snapdragon Processor
June 19, 2013, 8:41 AM

Google Starts Testing Balloons to Provide Internet Service to Ground Users
June 19, 2013, 8:20 AM

Lenovo Introduces $900, 15" ThinkPad S531 Ultrabook
June 18, 2013, 3:46 PM

Just How Powerful is the Xbox One? Microsoft is Confused
June 18, 2013, 11:30 AM

Microsoft Offering Schools/Colleges $199 Surface RT Tablets
June 18, 2013, 10:24 AM

Quick Note: First "Apple Approved" iOS Game Controller Pictured
June 17, 2013, 10:20 AM

More Headlines

Most Popular ArticlesSource: Don't Worry, NSA Spies on "99 Percent" of Americans' Locations, Call Records
June 14, 2013, 3:57 PM
Xbox Chief: If You Can't Get Online, Don't Buy an Xbox One
June 12, 2013, 9:57 AM
GigaHertz Wars 2.0? AMD Releases World's First 5.0 GHz FX Processor
June 11, 2013, 3:16 PM
Former Palm CEO: Selling Palm to HP was a Waste
June 12, 2013, 10:19 AM
Report: Apple to Release Larger iPhone Screens, Cheaper iPhone for $99
June 13, 2013, 9:41 AM

Latest Blog Posts

Lumosity: Does it Work?
Tiffany Kaiser - May 22, 2013, 8:20 PM

Quick Note: Sony "Teases" PS4 Ahead of Xbox Reveal in New Video
Brandon Hill - May 20, 2013, 12:33 PM

Nokia Introduces Instagram-Like App of Its Own to Help Lumia Sales
Tiffany Kaiser - May 20, 2013, 7:10 AM

Parents of Pre-Teen Drivers Commonly Practice Distracted Driving Says Study
Shane McGlaun - May 9, 2013, 7:16 AM

Apple's iOS 7 Running Into Internal Delays Due to Massive Overhaul
Larry Barber - May 1, 2013, 4:26 PM