Android Kernel Security Above Average, Below Linux - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software
News
11/2/2010
06:08 PM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Android Kernel Security Above Average, Below Linux

An analysis of Android on an HTC Droid Incredible identified 359 code defects.

Best Mobile Apps For Busy Professionals
(click image for larger view)
Best Mobile Apps For Busy Professionals

Android devices may be viewed with more suspicion than rival smartphones because the more relaxed policing of Android Market apps suggests greater potential risk. But the openness of Android code turns out to be a benefit rather than a liability, at least from a security standpoint.

An analysis of the Android kernel on an HTC Droid Incredible reveals about half as many software defects as expected, according to a report released by software security firm Coverity on Monday.

The Android kernel was found to have 0.47 defects per thousand lines of code, compared to an average of 1 defect per thousand lines of code.

But if Android is twice as good as the industry average, it's half as good as the Linux kernel in terms of defect density. The Android operating system is based upon Linux.

Coverity says this is to be expected given that Android-specific components have been written more recently and newer code tends to have a higher defect density than code that has endured years of static analysis, like the Linux kernel.

Coverity's analysis found 359 defects in the shipping version of Android on an HTC Droid Incredible, 88 of which it classifies as high-risk defects. These flaws include memory corruption bugs, illegal memory access bugs, and resource leaks.

It should be stressed that defects identified in this manner are not necessarily exploitable.

The firm concludes that Android's core platform is sold and that the Android-specific components need further attention to match the standards of Linux.

"We hope that by raising the visibility of the code across the supply chain for Android that the multiple software and device vendors that make Android devices can gain better visibility into the quality of the software components they are using and help hold each other accountable for delivering a high quality end product," Coverity's report says.

Google did not immediately respond to a request for comment.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
11 Ways DevOps Is Evolving
Lisa Morgan, Freelance Writer,  2/18/2021
Commentary
Graph-Based AI Enters the Enterprise Mainstream
James Kobielus, Tech Analyst, Consultant and Author,  2/16/2021
News
What Comes Next for AWS with Jassy to Become Amazon CEO
Joao-Pierre S. Ruth, Senior Writer,  2/4/2021
White Papers
Register for InformationWeek Newsletters
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Video
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Slideshows
Flash Poll