Android is not as secure as many would think. The number of defects found is staggering, according to the report by Coverity (Software Integrity Blog). More than 25% of the defects are considered high risk. Here’s the breakdown:

  • 359 defects found in total.
  • 88 of the defects are considered high risk.
  • The high-risk defects include memory corruption, resource and memory leaks, and uninitialized variables.

The actual average number of defects in Android is not that bad compared with industry averages. The Android kernel has 0.47 defects per 1000 lines of code – half of what you’d expect given the industry average of 1 defect per 1000 lines of code.

The good news: Coverity is not going to share their findings until the Android security team has time to address and fix the defects. The report will be released in approximately 60 days. I strongly believe that Coverity shouldn’t make this public information.

I would hate to hear that this report leaked out on the internet before the 60-day time frame. Things like this happen too often. I could only imagine what the hackers would do to exploit these security risks.