This article was published on November 1, 2010

Coverity: Android Has “88 High-Risk Defects”



According to a new study by Coverity, a code analysis group, the most critical part of the Android mobile operating system contains programming errors that may enable hackers or specially crafted malware applications to access a user's personal smartphone data.

The Financial Times received an advance copy of the report, due Tuesday, which focused on the open-source Android kernel as loaded onto one of HTC’s Droid Incredible smartphones. Whilst the Incredible was the device examined, the study suggests other Android smartphones would be at risk.

In total, Coverity uncovered a large number of defects in the Android source code, labelling 88 of them as “high-risk defects”. These include improper memory access and memory corruption which could open the door to security vulnerabilities, data loss or an increase in OS crashes.

This number is substantially lower than in most open source projects, but Android’s surge in popularity will leave many more users at risk. Coverity has contacted Google and HTC; both companies are assessing the findings.

Until now, security concerns have largely centered around rogue applications and the collection of unauthorised data. Coverity’s report demonstrates the difficulty smartphone manufacturers and operating system developers have when securing their code for the millions of customers using them worldwide.
