Serious Security Bugs Found In Android Kernel

An analysis of the kernel used in Google’s Android smartphone software has turned up 88 high-risk security flaws that could be used to expose users’ personal information, security firm Coverity said in a report published on Tuesday.

The results, published in the 2010 edition of the Coverity Scan Open Source Integrity Report, are based on an analysis of the Froyo kernel used in HTC’s Droid Incredible handset.

Enterprise fears

The results arrive as Android is increasing its market share and increasingly being used in the enterprise.

While Android implementations vary from device to device, Coverity said the same flaws were likely to exist in other handsets as well. Coverity uncovered a total of 359 bugs, about one-quarter of which were classified as high-risk.

The report analysed a total of 61 million lines of open source code from 291 widely used projects, including Apache, Linux, PHP and Samba.

While Android’s density of bugs per thousand lines of code was lower than the average found in open source software overall, it was higher than that of the Linux kernel, according to Coverity. The company said some of the bugs appeared to be important enough to have been addressed before the code was released.

Fixes demanded

Coverity said it will hold off releasing the details of the flaws until January to allow Google and handset vendors to issue fixes. The flaws could be patched via an over-the-air update, Coverity said.

Canalys reported on Monday that Android now dominates the US smartphone market with a 44 percent share, up from 33 percent in the second quarter of this year.

While the deployment of Android on large numbers of handsets has allowed the software to claw market share away from competitors such as RIM, some have criticised Google’s “hands-off” approach for harming the quality of Android and its applications.

Matthew Broersma

View Comments

  • Searching old article about bug on android and i find this....we need to collect old bug on android to publish
    at my blog, will give you credit as soon as the article publish.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

3 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

3 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

3 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

4 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

4 days ago