Google’s Android platform has been lambasted for a long time to have poor security when compared to other mobile platforms, such as iOS by Apple. Hackers in the past have been able to make use of a number of exploits in the earlier versions of Android OS. However, with the latest release of Android JellyBean, Google seems to have ramped up security for its OS.
According to security researchers, it had been fairly easy for hackers to exploit earlier versions of Android. This was precisely because until now, Google hadn’t implemented Address Space Layout Randomization (ASLR). Hackers will find, one way or the other, to have their own code loaded into the executable sites on the OS. But with ASLR, they are no longer sure where their code is going to be loaded. This randomization is very effective in safeguarding a piece of software.
Google did implement ASLR in Ice Cream Sandwich but it was ineffective because all of executable regions in ICS were loaded at the same time. However, with JellyBean, Google had changed this. In Jelly Bean, Google has properly implemented ASLR which makes it very hard for the hackers to exploit the OS.
According to a very seasoned smartphone hacker, “As long as there’s anything that’s not randomized, then it (ASLR) doesn’t work, because as long as the attacker knows something is in the same spot, they can use that to break out of everything else. Jelly Bean is going to be the first version of Android that has full ASLR and DEP, so it’s going to be pretty difficult to write exploits for that.”
The efficacy of ASLR can be gauged from the fact that it has been implemented in Apple’s iOS since the last sixteen months, thus making the security of iOS devices far better than their Android counterparts.
Source: Duo Security