88 high-risk defects found in Android Kernel

Discovery a testament to the power of open source, which enabled the code to be analysed.

This is the story of a cloud and its silver lining.

First, the cloud: Numerous programming flaws in the Android kernel include 88 high-risk defects that could leave users' sensitive information exposed, analysis firm Coverity announced today.

Specifically, in a study whose results are due to be published tomorrow, Coverity examined the code in version 2.6.32 of the open source Android kernel, which is used in phones including the HTC Droid Incredible. Some 359 software defects were revealed by Coverity's analysis, and roughly 25 per cent of those were considered high-risk, with the potential to cause security breaches and crashes, the firm reported.

The study is part of the 2010 edition of the Coverity Scan Open Source Integrity Report, which details the analysis of more than 61 million lines of open source code from 291 popular and widely used open source projects. The projects analyzed also included Linux, Apache, Samba and PHP.

Coverity has notified both Google and HTC about the Android flaws. If verified, they could be fixed via a wireless update.

The Cloud

Discoveries such as this one might seem alarming for users under any circumstances, but they're potentially even more troubling in this case given the increasing use of Android smartphones by business organizations.

Android now dominates the U.S. smartphone market with a 44 per cent share, Canalys just reported today. Not only that, but much of the platform's growth has come at the expense of Research in Motion, whose BlackBerry platform has long been a favorite among businesses. Specifically, Android grew from 33 per cent of all smartphones purchased in the U.S. in Q2 to 44 per cent in Q3, NPD Group reported this morning; RIM, on the other hand, declined from 28 per cent to 22 per cent during the same period.

Recognizing Android's growing role in the enterprise, in fact, Google just last week introduced new administrative controls to help businesses manage Android-based devices.

The Silver Lining

Lest businesses begin to question Android's suitability for enterprise use in light of Coverity's new data, however, let's turn now to the cloud's silver lining. First is the fact that the code in the Froyo kernel Coverity studied actually had fewer flaws per thousand lines than most open source code does, the firm said. That's not to say that open source code is buggier than closed source code, either -- it's just that closed source code isn't available for analyses like these, so no such comparisons can be made.

Therein, in fact, lies the second, even more significant point to remember here: It is only by virtue of the fact that Android's kernel is open source that these problems were even found. There's an excellent chance that Apple's iPhone, for instance, includes at least as many programming flaws, but the world will never know because that code is proprietary and visible only to Apple.

As with the Linux operating system it's based on, one of the big security advantages of Android is that much of the code is open and thus visible to the world for inspection and testing. Apple's products actually have more security flaws than any others, research firm Secunia recently declared. But because its code is closed, iOS will never benefit from tests such as Coverity's.

The Open Advantage

So while it's certain iPhone fans will jump on Coverity's data as evidence for the superiority of their favorite platform, the reality is that this data proves why open code is more secure. When code is closed, the world depends on the company that made it to test it, find the problems and fix them quickly. That's a lot to expect of any single entity with limited staff, competing pressures and a constrained timetable.

Open code such as that in the Android kernel, on the other hand, can be continuously scrutinized every day by interested developers and users around the world, as well as by analysis firms like Coverity. The result? Flaws are found and fixed more quickly, and the resulting code is better. Forget silver linings -- this one just might be solid gold.

Follow Katherine Noyes on Twitter: @Noyesk.

Katherine Noyes

PC World (US online)