Jelly Bean deemed safest version of Android yet; iOS still way more secure

Android Security Jelly Bean

Google’s latest version of its Android mobile operating system, known as Jelly Bean, is the safest yet. The platform was designed to protect users from malicious installations and has been properly fortified with an industry-standard defense, Ars Technica reported. Jelly Bean is the first version of Android to properly implement address space layout randomization (ASLR) protection, which randomizes the memory locations for the library, stack, heap and other OS data structures. ASLR, when combined with data execution prevention, will be able to protect users from hacks that exploit memory corruption bugs. The technology was used in Ice Cream Sandwich, however it reportedly did not randomize the locations of various commands and was largely ineffective at preventing real-world attacks.

“As long as there’s anything that’s not randomized, then it (ASLR) doesn’t work, because as long as the attacker knows something is in the same spot, they can use that to break out of everything else,” principal research consultant for security firm Accuvant, Charlie Miller told Ars Technica. “Jelly Bean is going to be the first version of Android that has full ASLR and DEP, so it’s going to be pretty difficult to write exploits for that.”

Apple’s iOS platform, on the other hand, has featured fully implemented ASLR and DEP for the past 16 months according to the report. The Cupertino-based company has also used code signing technology, which is designed to prevent unauthorized applications from running on a device by requiring a valid digital signature. Google has not yet introduced this technology into its mobile operating system.

Read

blog comments powered by Disqus