Android Jelly Bean: The Most Secure Android Version
By Mary Elaine Ramos | July 18, 2012 4:06 PM EST
Google has just unveiled the latest Android version which is Android 4.1 Jelly Bean which would bring about new and improved features. Aside from improved features, Googel also assures users that the Android Jelly Bean is the most secure version of Android they ever released.
Jon Oberheide, a security researcher, wrote an analysis which detailed the security features of Android 4.1 Jelly Bean. According to Mr Oberheide, "Android has stepped its game up mitigation-wise in the new Jelly Bean release." This means that Android Jelly Bean is able to defend its system against potential security risks such as hackers installing virus, malware, and other vicious software attacks.
One of the reasons identified as to why Android Jelly Bean is considered as "secure" is due to the use of Address Space Layout Randomisation (ASLR). ASLR works through randomising location in the memory function of the device. Aside from ASLR, Android Jelly Bean also utilised another security feature which is identified as date execution prevention (DEP). The combination of these two features is a good defense because hackers tend to break into handsets through the use of memory corruption bugs. The combination of ASLR and DEP would mean that hackers cannot locate the malicious code that can be found in the device's memory.
Charlie Miller, a veteran smartphone hacker and principal research consultant at Accuvant security firm, also supported this finding. According to Mr Miller, "As long as there's anything that's not randomised, then (ASLR) doesn't work, because as long as the attacker knows something is in the same spot, they can use that to break out of everything else. Jelly Bean is going to be the first version of Android that has full ASLR and DEP, so it's going to be pretty difficult to write exploits for that."
The report also revealed that aside from ASLR and DEP, Android Jelly Bean also has defenses against other attacks such as information leakage, buffer overflows, and additional memory vulnerabilities. Despite that, the non-inclusion of "code signing" was identified as a small weakness for Android Jelly Bean. Other OS, most specifically Apple's OS, has already incorporated the three functions (ASLR, DEP, and code signing) in their OS.
Mr Oberheide ended his analysis by writing his final thoughts on the matter:
"[Excerpt]" While Android is still playing a bit of catch-up, other mobile platforms are moving ahead with more innovation exploit mitigation techniques, such as the in-kernel ASLR present in Apple's iOS 6. One could claim that iOS is being proactive with such techniques, but in reality, they're simply being reactive to the type of exploits that typically target the iOS platform. However, Apple does deserve credit for raising the barrier up to the point of kernel exploitation by employing effective userspace mitigations such NX, ASLR, and mandatory code signing. Thankfully, Android is getting there, and Jelly Bean is a major step towards that goal.
To contact the editor, e-mail:
Most Popular Slideshows
- In Photos, Typhoon Rammasun Blasts the Philippines
- Ellen DeGeneres Caught Cheating with Mutual Friend Before Portia de Rossi’s Rehab – Reports [PHOTOS]
- Flight MH17 Attack: Russians Claim 'Putin A Terrorist,' Memorial at Dutch Embassy Overflows [PHOTOS]
- Malaysia Airlines MH17: Vital Black Boxes Finally Land in Hands of Malaysian Authorities, Rebels Announce Ceasefire (PHOTOS/VIDEOS)
Join the Conversation
- Malaysian Airlines Flight 17: Air Carrier to Give $5,000 Assistance to Victims’ Families; Bankruptcy Looms as 2 Air Mishaps Would Cost Firm Minimum $80.55 M Compensation
- Foxconn And Pegatron Corp Readies For Apple's iPhone 6 Mass Production This Month
- KFC & McDonald’s Accused of Serving ‘Expired’ Meat to Customers
- California Fruits Recalled in USA and Canada for Possible Listeria Contamination
- Malaysian Airlines Ukraine Tragedy Hits Asian Stock Markets
- Google Nexus 8 Release Date Soon Along with 2 More HTC Android Tablets – Reports
- Windows Phone 8.1 Update Rollout: 20 Nokia Lumia Phones Eligible and 13 New Features to be Added
- Moto 360 Price Speculations, Key Features, Strategic Release Date, Design: A Watch That is More Than Just Time
- Sony PlayStation 4 Outsells a Resurgent Xbox One in June
- Killer Xiaomi Mi4 at $369 Likely to Come With 5.0-Inch Display, Snapdragon 801 Processor, 3GB RAM and More
- Three New Moto G Successors Spotted in FCC Document Dubbed Moto G2, Moto M and More --Reports
- NVIDIA Shield Gaming Tablet with Tegra K1 SoC Reported to be Released on July 29