Android Jelly Bean: The Most Secure Android Version
By Mary Elaine Ramos | July 18, 2012 4:06 PM EST
Google has just unveiled the latest Android version which is Android 4.1 Jelly Bean which would bring about new and improved features. Aside from improved features, Googel also assures users that the Android Jelly Bean is the most secure version of Android they ever released.
Jon Oberheide, a security researcher, wrote an analysis which detailed the security features of Android 4.1 Jelly Bean. According to Mr Oberheide, "Android has stepped its game up mitigation-wise in the new Jelly Bean release." This means that Android Jelly Bean is able to defend its system against potential security risks such as hackers installing virus, malware, and other vicious software attacks.
One of the reasons identified as to why Android Jelly Bean is considered as "secure" is due to the use of Address Space Layout Randomisation (ASLR). ASLR works through randomising location in the memory function of the device. Aside from ASLR, Android Jelly Bean also utilised another security feature which is identified as date execution prevention (DEP). The combination of these two features is a good defense because hackers tend to break into handsets through the use of memory corruption bugs. The combination of ASLR and DEP would mean that hackers cannot locate the malicious code that can be found in the device's memory.
Charlie Miller, a veteran smartphone hacker and principal research consultant at Accuvant security firm, also supported this finding. According to Mr Miller, "As long as there's anything that's not randomised, then (ASLR) doesn't work, because as long as the attacker knows something is in the same spot, they can use that to break out of everything else. Jelly Bean is going to be the first version of Android that has full ASLR and DEP, so it's going to be pretty difficult to write exploits for that."
The report also revealed that aside from ASLR and DEP, Android Jelly Bean also has defenses against other attacks such as information leakage, buffer overflows, and additional memory vulnerabilities. Despite that, the non-inclusion of "code signing" was identified as a small weakness for Android Jelly Bean. Other OS, most specifically Apple's OS, has already incorporated the three functions (ASLR, DEP, and code signing) in their OS.
Mr Oberheide ended his analysis by writing his final thoughts on the matter:
"[Excerpt]" While Android is still playing a bit of catch-up, other mobile platforms are moving ahead with more innovation exploit mitigation techniques, such as the in-kernel ASLR present in Apple's iOS 6. One could claim that iOS is being proactive with such techniques, but in reality, they're simply being reactive to the type of exploits that typically target the iOS platform. However, Apple does deserve credit for raising the barrier up to the point of kernel exploitation by employing effective userspace mitigations such NX, ASLR, and mandatory code signing. Thankfully, Android is getting there, and Jelly Bean is a major step towards that goal.
To contact the editor, e-mail:
Most Popular Slideshows
- Prince Harry & Camilla Thurlow Getting Serious, St. Tropez Holiday Before The Prince’s 30th Birthday [PHOTOS]
- Angelina Jolie & Brad Pitt Heads to Malta For New Movie After A Whirlwind French Wedding [PHOTOS]
- Prince William & Kate Middleton Caught Flirting In A Countryside Dinner Date [PHOTOS]
- Chris Martin Getting Serious With Jennifer Lawrence, Actress Joining Coldplay Tour [PHOTOS]
Join the Conversation
- Apple iPhone 6 Actual Release Date after September 9 Confirmed 128GB Variant with New Resolution
- Moto G2 Release Roundup: Specs, Pricing, and Release Date Details
- PlayStation 4 Killing Xbox One Costing Microsoft Millions But It's Fine
- Google Chrome 64-bit for Windows 8 and Window 7 with Mac Beta Available
- Apple iOS 8 vs Android 5.0 L: OS Wars Puts Android to Lower while Apple to Higher
- Nexus 6 on Release Date Confirmed with Phablet-Size Display as FCC Filing Hints of 5.9-Inch Screen
- Pricey iPhone 6 on Release Date Likely but with 3X Retina Resolution & Mobile Payment Service – Reports