Android Jelly Bean: The Most Secure Android Version
By Mary Elaine Ramos | July 18, 2012 4:06 PM EST
Google has just unveiled the latest Android version which is Android 4.1 Jelly Bean which would bring about new and improved features. Aside from improved features, Googel also assures users that the Android Jelly Bean is the most secure version of Android they ever released.
Jon Oberheide, a security researcher, wrote an analysis which detailed the security features of Android 4.1 Jelly Bean. According to Mr Oberheide, "Android has stepped its game up mitigation-wise in the new Jelly Bean release." This means that Android Jelly Bean is able to defend its system against potential security risks such as hackers installing virus, malware, and other vicious software attacks.
One of the reasons identified as to why Android Jelly Bean is considered as "secure" is due to the use of Address Space Layout Randomisation (ASLR). ASLR works through randomising location in the memory function of the device. Aside from ASLR, Android Jelly Bean also utilised another security feature which is identified as date execution prevention (DEP). The combination of these two features is a good defense because hackers tend to break into handsets through the use of memory corruption bugs. The combination of ASLR and DEP would mean that hackers cannot locate the malicious code that can be found in the device's memory.
Charlie Miller, a veteran smartphone hacker and principal research consultant at Accuvant security firm, also supported this finding. According to Mr Miller, "As long as there's anything that's not randomised, then (ASLR) doesn't work, because as long as the attacker knows something is in the same spot, they can use that to break out of everything else. Jelly Bean is going to be the first version of Android that has full ASLR and DEP, so it's going to be pretty difficult to write exploits for that."
The report also revealed that aside from ASLR and DEP, Android Jelly Bean also has defenses against other attacks such as information leakage, buffer overflows, and additional memory vulnerabilities. Despite that, the non-inclusion of "code signing" was identified as a small weakness for Android Jelly Bean. Other OS, most specifically Apple's OS, has already incorporated the three functions (ASLR, DEP, and code signing) in their OS.
Mr Oberheide ended his analysis by writing his final thoughts on the matter:
"[Excerpt]" While Android is still playing a bit of catch-up, other mobile platforms are moving ahead with more innovation exploit mitigation techniques, such as the in-kernel ASLR present in Apple's iOS 6. One could claim that iOS is being proactive with such techniques, but in reality, they're simply being reactive to the type of exploits that typically target the iOS platform. However, Apple does deserve credit for raising the barrier up to the point of kernel exploitation by employing effective userspace mitigations such NX, ASLR, and mandatory code signing. Thankfully, Android is getting there, and Jelly Bean is a major step towards that goal.
To contact the editor, e-mail:
Most Popular Slideshows
- George Clooney And Amal Alamuddin's Wedding In Venice: Photos Of Groom And His Family, Friends [Slideshow]
- NFL Recap - Week 4: Green Bay Packers 38, Chicago Bears 17 [PHOTOS]
- Walking Is Superfood For Fitness; Celebrities Who Walk For Health
- Derek Jeter With The New York Yankees Through The Years [IN PICTURES]
Join the Conversation
- Hong Kong Protests Cause Closure Of Banks & Instagram Outages In China
- Federal Court Orders Coles To Hang Signs For 3 Months That It Passed Off Par-Baked Bread As Fresh From The Oven
- Microsoft To Have Its Own Retail Outlet in Manhattan
- Telstra To Convert Old Payphones Into Wi-Fi Hotspots
- #Bendgate Video Hits Almost 46 Million In 5 Days, But Impact On Apple’s Finances Minimal
- Forget Nexus 6 Release Date, Android Phones Will Soon Showcase Pure Google Apps & Features
- 3 Reasons to Get the Samsung Galaxy Note 4 Instead of the iPhone 6
- iPhone 6 vs Moto G 2014: Motorola’s Budget Smartphone Takes On Apple’s Premium Smartphone
- BlackBerry Passport Sold Out As Preorders Reached 200,000
- iOS 8 And iOS 8.0.2 Security Flaw Revealed, Anyone Can Easily Bypass Touch ID And Passcode Security Features
- Galaxy Note 4 vs Nexus 6: Which Smartphone Dominates
- Ukraine Under Pressure To Accept EU Brokered Gas Deal With Russia: Resists High Prices Demanded By Russia