
Researchers find major flaws in Android kernel
Google OS better than most, but still behind Linux, says Coverity

The underlying code for the Android smartphone platform is better than the average, according to researchers, but still has plenty of defects.
Open source software scanning firm Coverity said that a recent study of the Android kernel used in the Droid Incredible handset turned up 359 defects, 88 of which could be considered high-risk.
The company said that, while significant, the ratio of defects per lines of code in the Android kernel is roughly half that of the average open source application that the company reviews.
Andy Chou, chief scientist and co-founder of Coverity, told V3.co.uk that the Android kernel is better than most, but that its range among multiple vendors could cause those flaws to pose a unique challenge.
"We are finding things that seem like they are important enough to address before release," he said. "We hope vendors see it as something they should start to gain more visibility into and control."
Coverity noted that, while Android's kernel is less prone to defects than other applications, it still lags behind the most prominent open source kernel in the world, Linux.
"If you look at the Android-specific components, they have a higher defect density than Linux," said Chou. "It is not surprising if you consider that the Android code is newer."
Coverity said that it will hold off on publically releasing details on the defects until January so that vendors have adequate time to patch any flaws. The company is also making the full report available to vendors.
Further reading
V3 Latest
BT plan to close down conventional fixed-line phone network by 2025 and go all-IP
BT wants to make the public switched telephone network history within eight years
Facebook Login hijacked by hidden web trackers, claim security researchers
Personal data being purloined by third parties via Facebook Login API
Apple: we've no plans to merger iOS and MacOS
MacOS and iOS are better off apart, says CEO Tim Cook
Oracle: Java SE 8 business users must buy a licence from January next year
Or they'll no longer be entitled to updates and bug patches