Jelly Bean beefs up Android security
changelog we saw yesterday, the only mention of a security update was that "device encryption" has been made "more reliable". But, some digging by Duo Security has also been looking into the new support for ASLR, which is address space layout randomization. ASLR randomizes the memory locations for most of the data structures in Android. This randomization makes it far more difficult for hackers because it randomizes where potentially malicious code would be written. This combines with Android's existing data execution prevention to make it extremely difficult to load malicious code in Jelly Bean.According to the
ASLR isn't exactly new to Android, as it did exist in ICS, but the problem was that in ICS the support didn't really use the "randomization" part of ASLR. Without the randomization, it's easy to know where code will be deployed, making for much more effective malicious code. Jelly Bean is the first Android update to support full ASLR. Of course, iOS has implemented full ASLR since iOS 4.3, but we haven't seen a proper comparison between iOS 5 and ICS or Jelly Bean security, so it's hard to make a statement as to which is better. The last comparison we saw pitted iOS 5 against Gingerbread, which makes sense given each is the largest version on the market, but not quite fair as far as what Android offers now.