A shocking number of high-risk security flaws in Google’s Android smartphone OS have recently been discovered by security firm Coverity.
“We found 88 high-risk defects in Android,” it says in the firm’s 2010 Open Source Integrity Report. “25% of the Android defects discovered, including memory corruptions, memory illegal accesses, and resource leaks, are considered high-risk with significant potential to cause security vulnerabilities, data loss, or quality problems such as system crashes.”
The report is based upon source code analysis of the Android kernel 2.6.32 (code named “Froyo”), in which they discovered 359 flaws in total. Even though the number seems high, they say that the Android kernel has a “better than industry average defect density”. Unfortunately for Google, that number is still higher than that of the Linux kernel.
To compile this report, Coverity analyzed more than 61 million lines of code from 291 of the most popular and widely used open source projects, including Android, Samba, Linux and Apache. Although part of the Integrity Report is dedicated to Android, the broader finding is that some 45% of the defects discovered in open source are considered high-risk, and that both the types of these flaws and their frequency have changed little compared to the firm’s first report of this kind from 2008.
According to eWeek Europe, Google has been notified of the findings, and Coverity will give them time to fix the flaws, the details of which will be released in January.