iEntry 10th Anniversary RSS Archive

IT Management Begins With Security
SecurityProNews > Insider Reports > Insider > Android Falls Short In Security Analysis
Search:
[ insider_reports_insider ]

Android Falls Short In Security Analysis



Bryan Young
Staff Writer
2010-11-04

SecurityProNews: Insider Reports Insider Reports RSS Feed


We've seen enough news about how Apple's iOS is vulnerable to attack. I think it's only fair that we talk about the shortcomings in its biggest competition, Android. According to a report by Coverity, the popular mobile operating system is home to hundreds of bugs in its kernel with a quarter of those bugs listed as 'high risk' that can be used to exploit user privacy.

Android Falls Short in Security Analysis
Android Falls Short in Security Analysis

Coverity Inc. is in the business of scanning software for potential security vulnerabilities. They recently scanned the open-source Android operating system and discovered 359 bugs. 88 of these are listed as high-risk which according to the report, "include four categories that we have found, through experience and consultation with our customers, to be ones that can cause the most damage and are most likely to be fixed first by developers. These include memory corruptions, illegal memory accesses (e.g., reading beyond the bounds of a memory buffer), resource leaks, and uninitialized variables. "

Let's look at how those bugs compare in the open source world. Coverity claims that the industry average 'defect density' is one defect per every 1,000 lines of code. Android has only half that number, which is impressive until you look at the areas those bugs were found. Most of the code in the operating system is a Linux kernel with custom additions added in, and in the Android specific code, the defect density is twice as high.

Fragmentation of accountability is listed as one of the main conclusions of the report. Coverity basically says that, just like the rest of open source software, with so many people contributing so many different elements to the project, it is almost impossible to keep track of who is in charge of fixing what. This is definitely a problem as open source becomes more and more popular.

The Coverity report can be found here.


About the Author:
Bryan is a staff writer for SecurityProNews

More insider_reports_insider Articles

SecurityProNews: Insider Reports Insider Reports RSS Feed

Get Your Site Submitted for Free in the World's Largest B2B Directory!

Email Address:
* URL:
*
*Indicates Mandatory Field

Terms & Conditions

iEntry Featured Services: Jayde Member Services | Forums | Freeware | Advertise with Us

Contact Us | Advertise | Newsletter Archive | Sitemap | Submit an Article | News Feeds
SecurityProNews is an iEntry, Inc.® publication - $line) { echo $line ; } ?> All Rights Reserved | Privacy Policy and Legal		 Join the WebProWorld Forums: Click Here
Virus Warnings

Subscribe to
SecurityProNews FREE!


[ more newsletters ]

Featured On:
article resources
Search Articles:
[advanced search]

WebProWorld.com
Get in-touch with industry experts and leaders
Post your site for review by expert and peers
Ask Security, IT, Development and Design questions

Free Membership: Join Now!

Visit WebProWorld.com

Titan Quest Forum
The #1 Titan Quest forum
Halo 3 Forum
The best Halo, Halo 2, Halo 3 forum
Nintendo Wii
Nintendo Wii news and views
Mac Software
The best in OS X freeware
Graphics Forum
Your source for graphic tutorials
SecurityProNews.com | Breaking eBusiness News Get Your IT Questions Answered - Click Here SecurityProNews News Feeds