|
||||||||
Android has 88 "high risk" security flaws |
![]() |
|
|
Thread Tools | Search this Thread |
|
|
#1 |
|
Forum Member
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
|
Android has 88 "high risk" security flaws
http://www.thinq.co.uk/2010/11/1/and...s-says-report/
A behind the paywall Murdoch newspaper is reporting that Android has 88 high risk defects. Unsurprising considering mobile phones are still publicly 'under the radar'? |
|
|
|
|
Please sign in or register to remove this advertisement.
|
|
|
#2 |
|
Forum Member
Join Date: Feb 2003
Location: Hampshire
Posts: 2,090
|
That's on top of reports about popular Android apps compromising privacy after a vague permission request upon installation.
http://arstechnica.com/security/news...dvertisers.ars Installing the prototype of the monitoring softwareTaintdroid looks a little too technical for me: http://appanalysis.org/index.html |
|
|
|
|
|
#3 |
|
Forum Member
Join Date: May 2006
Posts: 25,199
|
I would not be surprised if smartphone users were at a mercy of the programmers. The mobile OSs are not as robust as the big ones and can't give the same level of protection.
|
|
|
|
|
|
#4 |
|
Forum Member
Join Date: May 2002
Location: Crystal Palace TX
Posts: 19,702
|
Change the word Android to Apple and this thread would have been 20 pages by now
|
|
|
|
|
#5 |
|
Forum Member
Join Date: Dec 2002
Location: UK
Posts: 11,539
|
Quote:
Change the word Android to Apple and this thread would have been 20 pages by now
![]() ![]() On top of that you'd have Jobs stood on TV slagging off all the other brands and deny the problem for a good while before returning with his tale between his legs admitting there's a problem but blaming it on the users not using his handset how he wants them too ![]() Android just doesn't have fanatics willing to die for their brand it seems, so such things are more likely to pass without an incident. |
|
|
|
|
|
#6 |
|
Forum Member
Join Date: Dec 2002
Location: UK
Posts: 11,539
|
Back on topic and it's reassuring to see that the bugs are going to be fixed prior to the issues being publicly detailed
|
|
|
|
|
|
#7 |
|
Forum Member
Join Date: Oct 2008
Posts: 1,058
|
That article is utter garbage by someone who doesnt understand the topic. All systems have bugs, the testers themselves indicate that Android has a lower bug ratio than the industry average. The fact that the kernel is open mean that bugs are exposed and dealt with within a quicker time frame. I expect IOS and Windows Mobile will have a fair share of bugs too. Even the mighty Windows/Mac/Unix OS have a huge number of bugs associated with them and yet we all still use them. What the article should be talking about is how many vulnerabilities there are and whether they have been exploited.
|
|
|
|
|
|
#8 |
|
Guest
Join Date: May 2005
Posts: 757
|
Quote:
That article is utter garbage by someone who doesnt understand the topic. All systems have bugs, the testers themselves indicate that Android has a lower bug ratio than the industry average. The fact that the kernel is open mean that bugs are exposed and dealt with within a quicker time frame. I expect IOS and Windows Mobile will have a fair share of bugs too. Even the mighty Windows/Mac/Unix OS have a huge number of bugs associated with them and yet we all still use them. What the article should be talking about is how many vulnerabilities there are and whether they have been exploited.
|
|
|
|
|
|
#9 |
|
Forum Member
Join Date: Nov 2003
Location: Norwich, Norfolk, UK
Posts: 14,278
|
There's a more balanced report here:
http://www.v3.co.uk/v3/news/2272563/...android-kernel |
|
|
|
|
|
#10 |
|
Forum Member
Join Date: May 2006
Posts: 25,199
|
OS even a mobile one is too complex a system to be bug free. It's also impossible to verify that it is error-free, the only way to find out is to test as much as possible and let the bugs come out by using the OS daily. It's how you deal with them that's important. Some take it as a PR disaster that their celebrated OS is not perfect (as promised), some deal with it as a fact of life. The usual process is that the OS author gets heads up and time to fix the problem from whoever found the bug/security hole and when the bug is fixed, the problem is published. 88 vulnerabilities seems like a lot, but Android is relatively new and as far as the bugs are fixed they'll be OK.
|
|
|
|
|
|
#11 |
|
Forum Member
Join Date: Oct 2008
Posts: 1,058
|
Quote:
The usual process is that the OS author gets heads up and time to fix the problem from whoever found the bug/security hole and when the bug is fixed, the problem is published. 88 vulnerabilities seems like a lot, but Android is relatively new and as far as the bugs are fixed they'll be OK.
As for 88 seems a lot, compared to what? Around 11 million lines of Android code, a good portion of that ripped from Linux and Java, I would say thats a pretty decent return. |
|
|
|
|
|
#12 |
|
Forum Member
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
|
Quote:
Change the word Android to Apple and this thread would have been 20 pages by now
![]() It is strange though that there is little outing of security risks. I get the feeling that the lack of a big anti-virus business means a lack of reporting and thus knowledge. |
|
|
|
|
|
#13 |
|
Forum Member
Join Date: May 2006
Posts: 25,199
|
Quote:
Two months to fix 88 bugs is asking alot from Google because... A, Its nearly Xmas B. Gingerbread.
As for 88 seems a lot, compared to what? Around 11 million lines of Android code, a good portion of that ripped from Linux and Java, I would say thats a pretty decent return. |
|
|
|
|
|
#14 |
|
Forum Member
Join Date: Nov 2003
Location: Norwich, Norfolk, UK
Posts: 14,278
|
Quote:
If you say to somebody without background in SW development that there are 88 critical vulnerabilities in a system, their reaction will be it's a lot, there aren't supposed to be any and here it's almost a hundred.
|
|
|
|
|
|
#15 |
|
Forum Member
Join Date: Oct 2008
Posts: 1,058
|
Quote:
If you say to somebody without background in SW development that there are 88 critical vulnerabilities in a system, their reaction will be it's a lot, there aren't supposed to be any and here it's almost a hundred.
The following link adds a sensible spin on it and actually gives the real message from Coverity, strangely missing from the reports I have seen on this side of the pond. http://blogs.forbes.com/taylorbuley/...mepagechannels |
|
|
|
![]() |
|
All times are GMT. The time now is 17:40.


