Android Kernel Security Above Average, Below Linux - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

06:08 PM
Connect Directly

Android Kernel Security Above Average, Below Linux

An analysis of Android on an HTC Droid Incredible identified 359 code defects.

Best Mobile Apps For Busy Professionals
(click image for larger view)
Best Mobile Apps For Busy Professionals

Android devices may be viewed with more suspicion than rival smartphones because the more relaxed policing of Android Market apps suggests greater potential risk. But the openness of Android code turns out to be a benefit rather than a liability, at least from a security standpoint.

An analysis of the Android kernel on an HTC Droid Incredible reveals about half as many software defects as expected, according to a report released by software security firm Coverity on Monday.

The Android kernel was found to have 0.47 defects per thousand lines of code, compared to an average of 1 defect per thousand lines of code.

But if Android is twice as good as the industry average, it's half as good as the Linux kernel in terms of defect density. The Android operating system is based upon Linux.

Coverity says this is to be expected given that Android-specific components have been written more recently and newer code tends to have a higher defect density than code that has endured years of static analysis, like the Linux kernel.

Coverity's analysis found 359 defects in the shipping version of Android on an HTC Droid Incredible, 88 of which it classifies as high-risk defects. These flaws include memory corruption bugs, illegal memory access bugs, and resource leaks.

It should be stressed that defects identified in this manner are not necessarily exploitable.

The firm concludes that Android's core platform is sold and that the Android-specific components need further attention to match the standards of Linux.

"We hope that by raising the visibility of the code across the supply chain for Android that the multiple software and device vendors that make Android devices can gain better visibility into the quality of the software components they are using and help hold each other accountable for delivering a high quality end product," Coverity's report says.

Google did not immediately respond to a request for comment.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
White Papers
Register for InformationWeek Newsletters
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll