14 DAY TRIAL // A recent study conducted by analysis group Coverity reveals that Google's open source Linux-based Android OS suffers from programming flaws that may allow third-party applications unwanted access to users' email or other sensitive information.
The study is based on an analysis made on the Android kernel that's inside HTC's Droid Incredible smartphone, currently sold by Verizon Wireless.
Even though the security flaws have been discovered in the Droid Incredible, it is almost certain that these issues are present in other devices running Android OS.
Coverity discovered no less than 88 “high-risk defects” of the Android kernel, which is the vital core of Google's OS.
Some of these flaws include improper memory access and memory corruption, which have a “significant potential to cause security vulnerabilities, data loss, or quality problems such as system crashes”.
Another interesting issue mentioned in the study is that lots of Android phones have been made to send expensive text messages.
While Google's Android OS is not the only one prone to security vulnerabilities, it seems that the developers are not yet aware of the “potential” presented to hackers by these issues.
Apple and RIM are “patching” critical security issues in their software through updates that are pushed on their devices almost on a regular basis.
Fortunately, the Android OS should be the easiest to “patch” because of its “open source” status, which means that all users can easily idemntify, report and repair possible programming errors.
Coverity is expected to publish details of the said flaws in about two months. Google and smartphone manufacturer HTC have already been informed about the issues, so future security updates are to be expected.
Andy Chou, Coverity’s co-founder: “We want them to fix the problems. We are trying to follow the model for responsible disclosure.”