With the latest release of Android’s next alteration, Jelly Bean. Google has taken another step ahead in making it as secure as possible. The new Android 4.1 a.k.a Jelly Bean is much secure and incorporates industry standard security defense.
IT has been stated by certain security analysts and experts that Android Jelly Bean is the first Android version to show strong defenses against malicious programs and malware attacks. In a report, Jon Oberheide, Security researcher said that Jelly Bean is the first version of Android to incorporate a security technique known as Address Space Layout Randomization (ASLR) that is known for randomizing memory locations for OS structures like heaps, stacks, etc. As a result Hackers have no idea where their programs will load in the memory thus reducing the chances of malware attacks. When this technique is combined with another defense known as Data Execution Prevention (DEP) it can neutralize most of the attacks.
Google introduced the ASLR defense in their previous Android version Ice Cream Sandwich as well but it was ineffective because in ICS heap, libraries and loaders were loaded at the same location every time thus rendering ASLR totally useless.
“As long as there’s anything that’s not randomized, then it (ASLR) won’t work, because as long as the attacker knows something is in the same spot, they can use that to break out of everything else“
said Charlie Miller, a veteran phone hacker. Miller has written different software exploits for last 7 years. He says that Jelly Bean is the first version of Android to use both ASLR and DEP techniques and it will be very difficult (near impossible) for hackers to write exploits for it.
Now all Android lacks is code signing, it has been long present in iOS. Code signing prevents unauthorized apps to execute and requires a digital code signature to be loaded into the meory before the program is executed.