The Android operating system used in some of the most popular smartphones, including the HTC Desire and the Samsung Galaxy S, as well as the new Telstra 7″ Tablet and the soon-to-be-released Samsung Galaxy Tab, is flawed, says a new report that is set to be released on Tuesday.
The extensive study by Coverity, a UK security firm, has turned up programming errors, some of which could allow hackers or malicious applications to access users’ e-mail or other sensitive information.
The report, which has been obtained by the Financial Times in the UK, examined the publicly disclosed version of the Google Android kernel used in HTC phones, with the company claiming that the problem is not isolated to HTC devices but affects all devices that run an Android OS.
The firm says that the problems it has exposed in the Android OS can be fixed by Google through a wireless update, a spokesman said.
The Financial Times said that the study by Coverity, a code analysis group, serves as a reminder that smartphones are vulnerable to attacks even as the phones are welcomed more extensively in big companies.
Other security firms said that several organisations, including some groups that previously accepted only BlackBerry phones, are exposing themselves to security issues by moving to iPhones and Android-based phones.
“We’re running in a risky situation before people can get a handle on how to make them more secure,” Chris Wysopal, chief technology officer of Veracode, which analyses smartphone applications for programming flaws, said.
“Any problems at the kernel are definitely worth worrying about.”
Coverity has given details of the flaws to Google and handset maker HTC, which are assessing the findings.
Andy Chou, Coverity’s co-founder, said he planned to make the details of the errors public in about two months.
HTC had no immediate comment.
“We want them to fix the problems. We are trying to follow the model for responsible disclosure,” Mr Chou said.
While the number of Android kernel flaws Coverity turned up per thousand lines of code is lower than the average for open-source projects, 88 of the Android problems are “high-risk defects”, the Financial Times said.
They include improper memory access and memory corruption, and have “significant potential to cause security vulnerabilities, data loss, or quality problems such as system crashes”.
Most malicious software found on smartphones thus far has been aimed at a quick score. Some phones have been made to send expensive text messages, for example.
Such worries pale beside concerns about smartphones being lost or stolen, John Pescatore, lead internet security analyst at Gartner, said.
“The information loss [through loss or theft] is so much more of a risk than a worm or virus. Yes, they exist. And sharks eat people, but that doesn’t make the top 10 of my list.”