The latest iteration of Google’s mobile operating system has arrived and it seems that the team at Google has made some progress in terms of strengthening the OS against malware and hacking exploits, according to Jon Oberheide who is a mobile security researcher. Even though the Android operating system must catch up in terms of security in comparison to Apple’s iOS, this report is saying that Jelly Bean is more secure than the previous Android version, 4.0 Ice Cream Sandwich.
What this means is that Android 4.1 Jelly Bean is not as easy to exploit as previous versions of the OS because this is the first Android version that properly incorporates ASLR – address space layout randomization. ASLR would have to be an industry-standard defense against those hackers who are looking to install various malware on smartphones and other devices.
What ASLR does is it randomizes the memory locations for the library, heap, stack, as well as other data structures so the hacker won’t be able to tell where the malware will land on the device. There is a second type of protection implemented with JB, the non-executable memory protection. ASLR support was also implemented with Ice Cream Sandwich but the end result was not that good due to the lack of randomization of the executable.
This ASLR has been introduced in desktop machines for a few years now, with Windows Vista and Mac OS X receiving this security in 2007. It has also been implemented in iOS 4.3 which was released in March, 2011. Jon Oberheide explained that the reason why ASLR was not effective on ICS is due to the fact that it was mostly inefficient for mitigating the real-world attacks because of the absence of randomization of the executable as well as linker memory regions. ASLR can only work properly if everything is randomized, in other words, if there are portions left alone by this process, the hackers are still able to do some damage by focusing on those vulnerable areas.
Even though Google’s Android 4.1 Jelly Bean is more secure than ever, this doesn’t mean that if you own a device running on this OS you don’t have to exercise caution. For this reason, it is highly recommended that you download applications only from trusted and safe sources, while the mods and ROMs you install on your smartphone come also from sources that you can trust.
Jon Oberheide added that there is plenty of room for improving the security in Google’s Android operating system and he also gave an example referring to Apple’s iOS where ASLR is pushed down into the kernel. He recommended that Google should implement this security technique as well in order to make its OS more resistant against hackers.