Jelly Bean gets serious about security

Jul 17, 2012
2

Android has a long-running history of security issues, but in the latest Android release - 4.1 Jelly Bean - Google has stepped its game up quite a bit. Jelly Bean is the first Android release to fully implement address space layout randomization (ASLR) which, when implemented properly, should randomize the memory location for all data structures like the stack, heap, and library. The technology was only half-present in Android 4.0 Ice Cream Sandwich as it didn't randomize the location of everything, thus opening up some vulnerabilities that hackers could take advantage of.

In Jelly Bean, not only has Google implemented ASLR fully, but it has also combined ASLR with data execution prevention (DEP), which will help keep users safe from hacks that exploit memory corruption bugs. Google has come a long way in strengthening Android's security with the release of 4.1 Jelly Bean, but unfortunately, Apple still has it beat with the security measures found in iOS.

NOTE: Check out our in-depth Android 4.1 Jelly Bean review as well!

Not only has Apple made use of ASLR and DEP for over a year now, but Apple has also implemented code signing technology, which requires that applications have a valid digital signature in order to run. Code signing technology still isn't present in Android (though, to be fair, it's likely coming soon), so until Google implements that, Apple will still have it beat as far as security is concerned.

Still, this is a great big leap for Android security, and the roll out of these measures should do a lot to please the millions of Android users out there. Android is getting there, so maybe someday soon we can say that Android is just as secure as iOS is.

[via Duo Security]


Must Read Bits & Bytes