http://www.thinq.co.uk/2010/11/1/and...s-says-report/

A behind the paywall Murdoch newspaper is reporting that Android has 88 high risk defects.

Unsurprising considering mobile phones are still publicly 'under the radar'?

That's on top of reports about popular Android apps compromising privacy after a vague permission request upon installation.
http://arstechnica.com/security/news...dvertisers.ars

Installing the prototype of the monitoring softwareTaintdroid looks a little too technical for me: http://appanalysis.org/index.html

I would not be surprised if smartphone users were at a mercy of the programmers. The mobile OSs are not as robust as the big ones and can't give the same level of protection.

Change the word Android to Apple and this thread would have been 20 pages by now

Partly because the Apple splinter cells would have been activated and there'd be users on here now denying all reports and calling anyone who questioned them 'apple haters'

On top of that you'd have Jobs stood on TV slagging off all the other brands and deny the problem for a good while before returning with his tale between his legs admitting there's a problem but blaming it on the users not using his handset how he wants them too

Android just doesn't have fanatics willing to die for their brand it seems, so such things are more likely to pass without an incident.

Back on topic and it's reassuring to see that the bugs are going to be fixed prior to the issues being publicly detailed

That article is utter garbage by someone who doesnt understand the topic. All systems have bugs, the testers themselves indicate that Android has a lower bug ratio than the industry average. The fact that the kernel is open mean that bugs are exposed and dealt with within a quicker time frame. I expect IOS and Windows Mobile will have a fair share of bugs too. Even the mighty Windows/Mac/Unix OS have a huge number of bugs associated with them and yet we all still use them. What the article should be talking about is how many vulnerabilities there are and whether they have been exploited.

hear hear.

There's a more balanced report here:
http://www.v3.co.uk/v3/news/2272563/...android-kernel

OS even a mobile one is too complex a system to be bug free. It's also impossible to verify that it is error-free, the only way to find out is to test as much as possible and let the bugs come out by using the OS daily. It's how you deal with them that's important. Some take it as a PR disaster that their celebrated OS is not perfect (as promised), some deal with it as a fact of life. The usual process is that the OS author gets heads up and time to fix the problem from whoever found the bug/security hole and when the bug is fixed, the problem is published. 88 vulnerabilities seems like a lot, but Android is relatively new and as far as the bugs are fixed they'll be OK.

Two months to fix 88 bugs is asking alot from Google because... A, Its nearly Xmas B. Gingerbread.

As for 88 seems a lot, compared to what? Around 11 million lines of Android code, a good portion of that ripped from Linux and Java, I would say thats a pretty decent return.

Well I'm sure Android satisfaction ratings are quite decent.

It is strange though that there is little outing of security risks.
I get the feeling that the lack of a big anti-virus business means a lack of reporting and thus knowledge.

If you say to somebody without background in SW development that there are 88 critical vulnerabilities in a system, their reaction will be it's a lot, there aren't supposed to be any and here it's almost a hundred.

But then think how many Microsoft Security updates there have been on average per patch Tuesday for many years now.

The whole piece is badly worded and doing the rounds in a number of respectable tech sites, of the 88 high risks 28 of those are uninitialise variables. I say again for the size of the code that aint bad going. IOS (although it has had some laughable bugs) and Android are nowhere as poor as Operating Systems for desktops.

The following link adds a sensible spin on it and actually gives the real message from Coverity, strangely missing from the reports I have seen on this side of the pond.
http://blogs.forbes.com/taylorbuley/...mepagechannels