DS Forums

 
 

Android has 88 "high risk" security flaws


Reply
Thread Tools Search this Thread
Old 01-11-2010, 17:48
alanwarwic
Forum Member
 
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132

http://www.thinq.co.uk/2010/11/1/and...s-says-report/

A behind the paywall Murdoch newspaper is reporting that Android has 88 high risk defects.

Unsurprising considering mobile phones are still publicly 'under the radar'?
alanwarwic is offline   Reply With Quote
Please sign in or register to remove this advertisement.
Old 01-11-2010, 18:06
cmq2
Forum Member
 
Join Date: Feb 2003
Location: Hampshire
Posts: 2,090
That's on top of reports about popular Android apps compromising privacy after a vague permission request upon installation.
http://arstechnica.com/security/news...dvertisers.ars

Installing the prototype of the monitoring softwareTaintdroid looks a little too technical for me: http://appanalysis.org/index.html
cmq2 is offline   Reply With Quote
Old 01-11-2010, 18:36
IvanIV
Forum Member
 
Join Date: May 2006
Posts: 25,199
I would not be surprised if smartphone users were at a mercy of the programmers. The mobile OSs are not as robust as the big ones and can't give the same level of protection.
IvanIV is offline   Reply With Quote
Old 01-11-2010, 21:24
psionic
Forum Member
 
Join Date: May 2002
Location: Crystal Palace TX
Posts: 19,702
Change the word Android to Apple and this thread would have been 20 pages by now
psionic is offline Follow this poster on Twitter   Reply With Quote
Old 02-11-2010, 10:21
lalaland
Forum Member
 
Join Date: Dec 2002
Location: UK
Posts: 11,539
Change the word Android to Apple and this thread would have been 20 pages by now
Partly because the Apple splinter cells would have been activated and there'd be users on here now denying all reports and calling anyone who questioned them 'apple haters'

On top of that you'd have Jobs stood on TV slagging off all the other brands and deny the problem for a good while before returning with his tale between his legs admitting there's a problem but blaming it on the users not using his handset how he wants them too

Android just doesn't have fanatics willing to die for their brand it seems, so such things are more likely to pass without an incident.
lalaland is offline   Reply With Quote
Old 02-11-2010, 10:22
lalaland
Forum Member
 
Join Date: Dec 2002
Location: UK
Posts: 11,539
Back on topic and it's reassuring to see that the bugs are going to be fixed prior to the issues being publicly detailed
lalaland is offline   Reply With Quote
Old 02-11-2010, 21:54
rosetech
Forum Member
 
Join Date: Oct 2008
Posts: 1,058
That article is utter garbage by someone who doesnt understand the topic. All systems have bugs, the testers themselves indicate that Android has a lower bug ratio than the industry average. The fact that the kernel is open mean that bugs are exposed and dealt with within a quicker time frame. I expect IOS and Windows Mobile will have a fair share of bugs too. Even the mighty Windows/Mac/Unix OS have a huge number of bugs associated with them and yet we all still use them. What the article should be talking about is how many vulnerabilities there are and whether they have been exploited.
rosetech is offline   Reply With Quote
Old 03-11-2010, 07:21
chaos77
Guest
 
Join Date: May 2005
Posts: 757
That article is utter garbage by someone who doesnt understand the topic. All systems have bugs, the testers themselves indicate that Android has a lower bug ratio than the industry average. The fact that the kernel is open mean that bugs are exposed and dealt with within a quicker time frame. I expect IOS and Windows Mobile will have a fair share of bugs too. Even the mighty Windows/Mac/Unix OS have a huge number of bugs associated with them and yet we all still use them. What the article should be talking about is how many vulnerabilities there are and whether they have been exploited.
hear hear.
chaos77 is offline   Reply With Quote
Old 03-11-2010, 07:56
John259
Forum Member
 
Join Date: Nov 2003
Location: Norwich, Norfolk, UK
Posts: 14,278
There's a more balanced report here:
http://www.v3.co.uk/v3/news/2272563/...android-kernel
John259 is offline   Reply With Quote
Old 03-11-2010, 08:46
IvanIV
Forum Member
 
Join Date: May 2006
Posts: 25,199
OS even a mobile one is too complex a system to be bug free. It's also impossible to verify that it is error-free, the only way to find out is to test as much as possible and let the bugs come out by using the OS daily. It's how you deal with them that's important. Some take it as a PR disaster that their celebrated OS is not perfect (as promised), some deal with it as a fact of life. The usual process is that the OS author gets heads up and time to fix the problem from whoever found the bug/security hole and when the bug is fixed, the problem is published. 88 vulnerabilities seems like a lot, but Android is relatively new and as far as the bugs are fixed they'll be OK.
IvanIV is offline   Reply With Quote
Old 03-11-2010, 18:49
rosetech
Forum Member
 
Join Date: Oct 2008
Posts: 1,058
The usual process is that the OS author gets heads up and time to fix the problem from whoever found the bug/security hole and when the bug is fixed, the problem is published. 88 vulnerabilities seems like a lot, but Android is relatively new and as far as the bugs are fixed they'll be OK.
Two months to fix 88 bugs is asking alot from Google because... A, Its nearly Xmas B. Gingerbread.

As for 88 seems a lot, compared to what? Around 11 million lines of Android code, a good portion of that ripped from Linux and Java, I would say thats a pretty decent return.
rosetech is offline   Reply With Quote
Old 03-11-2010, 19:48
alanwarwic
Forum Member
 
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
Change the word Android to Apple and this thread would have been 20 pages by now
Well I'm sure Android satisfaction ratings are quite decent.

It is strange though that there is little outing of security risks.
I get the feeling that the lack of a big anti-virus business means a lack of reporting and thus knowledge.
alanwarwic is offline   Reply With Quote
Old 03-11-2010, 20:18
IvanIV
Forum Member
 
Join Date: May 2006
Posts: 25,199
Two months to fix 88 bugs is asking alot from Google because... A, Its nearly Xmas B. Gingerbread.

As for 88 seems a lot, compared to what? Around 11 million lines of Android code, a good portion of that ripped from Linux and Java, I would say thats a pretty decent return.
If you say to somebody without background in SW development that there are 88 critical vulnerabilities in a system, their reaction will be it's a lot, there aren't supposed to be any and here it's almost a hundred.
IvanIV is offline   Reply With Quote
Old 03-11-2010, 20:29
John259
Forum Member
 
Join Date: Nov 2003
Location: Norwich, Norfolk, UK
Posts: 14,278
If you say to somebody without background in SW development that there are 88 critical vulnerabilities in a system, their reaction will be it's a lot, there aren't supposed to be any and here it's almost a hundred.
But then think how many Microsoft Security updates there have been on average per patch Tuesday for many years now.
John259 is offline   Reply With Quote
Old 03-11-2010, 22:24
rosetech
Forum Member
 
Join Date: Oct 2008
Posts: 1,058
If you say to somebody without background in SW development that there are 88 critical vulnerabilities in a system, their reaction will be it's a lot, there aren't supposed to be any and here it's almost a hundred.
The whole piece is badly worded and doing the rounds in a number of respectable tech sites, of the 88 high risks 28 of those are uninitialise variables. I say again for the size of the code that aint bad going. IOS (although it has had some laughable bugs) and Android are nowhere as poor as Operating Systems for desktops.

The following link adds a sensible spin on it and actually gives the real message from Coverity, strangely missing from the reports I have seen on this side of the pond.
http://blogs.forbes.com/taylorbuley/...mepagechannels
rosetech is offline   Reply With Quote
 
Reply




 
Forum Jump


All times are GMT. The time now is 19:50.