Google’s latest release in the Android space, Jelly Bean (Android 4.1), has been stated as the safest Android mobile operating system yet.
As per an Ars Technica report, the platform was designed to protect users from malevolent installations and has been properly fortified with an industry-standard defense.
Jelly Bean, in reality, is the first version of Android to suitably execute address space layout randomization (ASLR) protection. What this does is it randomizes the memory locations for the library, stack, heap and other OS data structures.
Moreover, ASLR, when combined with data execution prevention, will be able to protect users from hacks that go on to exploit memory corruption bugs. Although the same technology was used in the previous Android version, Ice Cream Sandwich, it reportedly did not randomize the locations of various commands and was largely unsuccessful at preventing real-world attacks.
“As long as there’s anything that’s not randomized, then it (ASLR) doesn’t work, because as long as the attacker knows something is in the same spot, they can use that to break out of everything else,” principal research consultant for security firm Accuvant, Charlie Miller told Ars Technica. “Jelly Bean is going to be the first version of Android that has full ASLR and DEP, so it’s going to be pretty difficult to write exploits for that.”
But how does it compare against Apple’s iOS? As per the report, iOS has featured fully implemented ASLR and DEP for the past 16 months. The Cupertino-based company has even introduced the code signing technology. This has been designed to prevent unauthorized applications from running on a device by requiring a valid digital signature. Google is yet to introduce this technology into its mobile operating system.
And although the 2009 debut of OS X Snow Leopard failed to randomize core parts of the OS, those omissions were finally fixed with the later release of OS X Lion.
