Google’s latest Android OS, version 4.1 Jelly Bean, is properly strengthened against hacking exploits and malware, according to mobile security researcher Jon Oberheide.
The analysis, posted on Duo Security’s bulletin on July 16, says that Android has “stepped its game up” in protecting against malicious exploits.
Although the Android OS is still playing catch-up compared to iOS, the report claims Jelly Bean is more secure than 4.0 Ice Cream Sandwich.
It mainly comes down to a technology called address space layout randomization (ASLR). Oberheide explains:
“ASLR randomizes where various areas of memory (eg: stack, heap, libs, etc) are mapped in the address space of a process. Combined with complementary mitigation techniques such as non-executable memory protection, ASLR makes the exploitation of traditional memory corruption vulnerabilities probabilistically difficult.”
The problem Oberheide found in Android 4.0 was this: “ASLR support in Android 4.0 did not live up to expectations and is largely ineffective for mitigating real-world attacks, due to the lack of randomization of the executable and linker memory regions.”
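The gap described in the quote can be checked by comparing where each named region lands across launches of the same program. This is an added example, not code from the article or from Duo Security; the `/proc/<pid>/maps` snapshots, the `app_demo` path and every address are constructed for illustration.

```python
# Constructed /proc/<pid>/maps snapshots (addresses illustrative, not captured
# from a device). RUN_A and RUN_B model two launches where the executable and
# the linker stay put; RUN_C models a launch where every region has moved.
RUN_A = """\
00008000-0000a000 r-xp 00000000 b3:02 1201 /system/bin/app_demo
0000b000-0000d000 rw-p 00000000 00:00 0    [heap]
4012c000-40170000 r-xp 00000000 b3:02 1310 /system/lib/libc.so
b0001000-b0009000 r-xp 00001000 b3:02 1202 /system/bin/linker
be8f1000-be912000 rw-p 00000000 00:00 0    [stack]
"""
RUN_B = """\
00008000-0000a000 r-xp 00000000 b3:02 1201 /system/bin/app_demo
0001f000-00021000 rw-p 00000000 00:00 0    [heap]
4009a000-400de000 r-xp 00000000 b3:02 1310 /system/lib/libc.so
b0001000-b0009000 r-xp 00001000 b3:02 1202 /system/bin/linker
bec3a000-bec5b000 rw-p 00000000 00:00 0    [stack]
"""
RUN_C = """\
2a05c000-2a05e000 r-xp 00000000 b3:02 1201 /system/bin/app_demo
2b7d1000-2b7d3000 rw-p 00000000 00:00 0    [heap]
400c3000-40107000 r-xp 00000000 b3:02 1310 /system/lib/libc.so
40021000-40029000 r-xp 00001000 b3:02 1202 /system/bin/linker
bee02000-bee23000 rw-p 00000000 00:00 0    [stack]
"""

def region_bases(maps_text):
    """Return {region name: lowest start address} for one maps snapshot."""
    bases = {}
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping: no name to match across runs
        try:
            start = int(fields[0].split("-")[0], 16)
        except ValueError:
            continue  # not a maps line
        name = fields[5].strip()
        bases[name] = min(start, bases.get(name, start))
    return bases

def fixed_regions(*snapshots):
    """Names of regions whose base address is identical in every snapshot."""
    if len(snapshots) < 2:
        raise ValueError("need at least two launches to compare")
    runs = [region_bases(s) for s in snapshots]
    common = set(runs[0]).intersection(*runs[1:])
    return sorted(n for n in common if len({r[n] for r in runs}) == 1)

if __name__ == "__main__":
    print("fixed across A/B:", fixed_regions(RUN_A, RUN_B))
    print("fixed across A/C:", fixed_regions(RUN_A, RUN_C))
```

Any region this reports as fixed gives an attacker a predictable address, which is why unrandomized executable and linker regions undercut randomization of the stack, heap and libraries.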
Oberheide then goes into further technical detail on the changes in Android 4.1, which typical users won’t need to bother themselves with. Still, it’s reassuring to know that Google is getting there in tightening up security gaps in Android, at least until hackers start picking holes in ASLR or finding other vulnerabilities.
The downside is that Jelly Bean is on hardly any Android devices at the moment. The vast majority are not even running Ice Cream Sandwich, with its “largely ineffective” ASLR support, but the even older Gingerbread, so that’s sure to keep malware creators busy for some time to come.
Via Duo Security