Android Jelly Bean: The Most Secure Android Version
By Mary Elaine Ramos | July 18, 2012 4:06 PM EST
Google has just unveiled the latest Android version which is Android 4.1 Jelly Bean which would bring about new and improved features. Aside from improved features, Googel also assures users that the Android Jelly Bean is the most secure version of Android they ever released.
Jon Oberheide, a security researcher, wrote an analysis which detailed the security features of Android 4.1 Jelly Bean. According to Mr Oberheide, "Android has stepped its game up mitigation-wise in the new Jelly Bean release." This means that Android Jelly Bean is able to defend its system against potential security risks such as hackers installing virus, malware, and other vicious software attacks.
One of the reasons identified as to why Android Jelly Bean is considered as "secure" is due to the use of Address Space Layout Randomisation (ASLR). ASLR works through randomising location in the memory function of the device. Aside from ASLR, Android Jelly Bean also utilised another security feature which is identified as date execution prevention (DEP). The combination of these two features is a good defense because hackers tend to break into handsets through the use of memory corruption bugs. The combination of ASLR and DEP would mean that hackers cannot locate the malicious code that can be found in the device's memory.
Charlie Miller, a veteran smartphone hacker and principal research consultant at Accuvant security firm, also supported this finding. According to Mr Miller, "As long as there's anything that's not randomised, then (ASLR) doesn't work, because as long as the attacker knows something is in the same spot, they can use that to break out of everything else. Jelly Bean is going to be the first version of Android that has full ASLR and DEP, so it's going to be pretty difficult to write exploits for that."
The report also revealed that aside from ASLR and DEP, Android Jelly Bean also has defenses against other attacks such as information leakage, buffer overflows, and additional memory vulnerabilities. Despite that, the non-inclusion of "code signing" was identified as a small weakness for Android Jelly Bean. Other OS, most specifically Apple's OS, has already incorporated the three functions (ASLR, DEP, and code signing) in their OS.
Mr Oberheide ended his analysis by writing his final thoughts on the matter:
"[Excerpt]" While Android is still playing a bit of catch-up, other mobile platforms are moving ahead with more innovation exploit mitigation techniques, such as the in-kernel ASLR present in Apple's iOS 6. One could claim that iOS is being proactive with such techniques, but in reality, they're simply being reactive to the type of exploits that typically target the iOS platform. However, Apple does deserve credit for raising the barrier up to the point of kernel exploitation by employing effective userspace mitigations such NX, ASLR, and mandatory code signing. Thankfully, Android is getting there, and Jelly Bean is a major step towards that goal.
To contact the editor, e-mail:
Most Popular Slideshows
- Pope Francis Meets Sudanese Woman Who Was Spared Death for Apostasy (PHOTOS)
- Malaysia Airlines Flight MH17: King Williem-Alexander, Queen Maxima Hold Solemn Reception Ceremony for Victims
- Jennifer Lawrence & Nicholas Hoult Allegedly Split: Mad Max Actor Cheats with Kristen Stewart & Riley Keough - Reports
- Celebrities Suffering From Lupus: Facts About the Disease
Join the Conversation
- Malaysia Airlines Considers Changing Name After MH370 and MH17 Tragedies
- Fast Food Meat Scandal: McDonald’s Suspend Nuggets and McSpicy Chicken Filets
- Air New Zealand Flies Boeing 787-9 Dreamliner
- Solution to Your Old Unwanted Phones Comes with MobileMuster Scheme
- IBM Named Leader in Worldwide Managed Security Services
- Apple iPhone 6 on Two Confirmed Release Dates, New Parts Leaked Suggesting Bigger iPhone to Come
- Google Nexus 6, 8 with Android L on Release Date Promises Killer Mobile Device Experience
- iPhone 6 Release Date Relevance to iOS Newbies: Specs Meaning, Price Considerations
- Xiaomi Mi4 vs OnePlusOne vs Nexus 5: Mi4 is the ‘Perfect’ Phone
- Israeli Women Stripping Naked for IDF Soldiers
- HTC One M8 Android 4.4.3 KitKat Update Roll Out, Introducing the HTC One Remix
- Shocking Video of Pedigree Dog Culling in Bali Emerges [Video]