How real are the Android mobile OS problems? “These could in theory potentially be exploitable,” said Andy Chou, Chief Scientist and co-founder of Coverity. “We don’t know. We are working with some security researchers to see if the flaws are actually exploitable.” Sean Michael Kerner reports.
Google’s Android mobile operating system may include a number of high-risk software flaws, according to a new report from static code analysis vendor Coverity.
Coverity detected 359 software defects in the Android Froyo kernel that is used in the HTC Droid Incredible smartphone. Of those defects, Coverity has identified 88, or about 25 percent of the total flaw count, as being high-risk and potentially leading to security risk for Android users.
According to Coverity, the defect density in Android isn’t actually all that bad compared to other codebases that they’ve scanned. Coverity is a commercial code analysis vendor and has also been running the Coverity Scan effort since 2006, analyzing open source code for software defects.
“We found that the Android kernel had about half the defect density that you would expect, compared to other industry average codebases of the same size,” Andy Chou, Chief Scientist and co-founder of Coverity, told InternetNews.com. “What that means is that a defect density of one defect per approximately one thousand lines of code is industry average, according to our measurements – for the Android kernel, the defect density was about 0.47.”
Read the rest at eSecurity Planet.