A security firm researching the safety of the mobile Android operating system has discovered a long list of security bugs, with at least some being thought of as a serious risk.
In a report, security firm Coverity claims to have identified several hundred bugs in the Android operating system. The researchers scoured over 60 million lines of open source code in their Coverity Scan Open Source Integrity Report, including the Android OS source used with the HTC Droid Incredible.
In total, 359 bugs were discovered by the team, with 88 of them categorized as being a "high risk". Coverity praised Android for having a lower density of bugs per thousand lines of code than average open source software, but said it had a higher bug density than the Linux kernel. Some of the bugs, it argues, should have been caught before release.
All Android distributions are different in some way or another, but it is thought that most Froyo-based Android phones will be vulnerable to the discovered bugs.
Google has responded by preparing over-the-air fixes that it says will be delivered by January at least. The availability of over-the-air fixes is a huge plus for the Android operating system all by itself. Coverity will not disclose details on the vulnerabilities it discovered until patches are available and are being delivered.
In total, 359 bugs were discovered by the team, with 88 of them categorized as being a "high risk". Coverity praised Android for having a lower density of bugs per thousand lines of code than average open source software, but said it had a higher bug density than the Linux kernel. Some of the bugs, it argues, should have been caught before release.
All Android distributions are different in some way or another, but it is thought that most Froyo-based Android phones will be vulnerable to the discovered bugs.
Google has responded by preparing over-the-air fixes that it says will be delivered by January at least. The availability of over-the-air fixes is a huge plus for the Android operating system all by itself. Coverity will not disclose details on the vulnerabilities it discovered until patches are available and are being delivered.
