x PhoneArena is hiring! Reviewer in the USA

Jelly Bean beefs up Android security

Posted: , posted by Michael H.

Tags :

Jelly Bean beefs up Android security
One of the number one knocks on Android has continuously been with its security troubles. The slow updates mean that security updates don't get pushed out to devices, and there have been a few cases of "malware" popping up in the Play Store. Of course, how much of a threat those apps have posed depends on how you define "malware". Still, Google has put in a pretty solid bump in security with Android 4.1 Jelly Bean.

According to the changelog we saw yesterday, the only mention of a security update was that "device encryption" has been made "more reliable". But, some digging by Duo Security has also been looking into the new support for ASLR, which is address space layout randomization. ASLR randomizes the memory locations for most of the data structures in Android. This randomization makes it far more difficult for hackers because it randomizes where potentially malicious code would be written. This combines with Android's existing data execution prevention to make it extremely difficult to load malicious code in Jelly Bean. 

ASLR isn't exactly new to Android, as it did exist in ICS, but the problem was that in ICS the support didn't really use the "randomization" part of ASLR. Without the randomization, it's easy to know where code will be deployed, making for much more effective malicious code. Jelly Bean is the first Android update to support full ASLR. Of course, iOS has implemented full ASLR since iOS 4.3, but we haven't seen a proper comparison between iOS 5 and ICS or Jelly Bean security, so it's hard to make a statement as to which is better. The last comparison we saw pitted iOS 5 against Gingerbread, which makes sense given each is the largest version on the market, but not quite fair as far as what Android offers now. 

  • Options

posted on 17 Jul 2012, 14:37 7

1. Non_Sequitur (Posts: 1111; Member since: 16 Mar 2012)

Why are there drop tests? Because people damage their phones.
Why do people care about malware? Because people aren't smart about what they download.
It's really simple here, guys.

posted on 17 Jul 2012, 14:44 2

2. clevelandiskindacool (Posts: 37; Member since: 03 Jul 2012)

So with iOS and jelly bean using essentially the same security, will we be seeing similar levels of malware threats across both platforms?

posted on 17 Jul 2012, 15:08 3

3. Droid_X_Doug (Posts: 5993; Member since: 22 Dec 2010)

Great news on the ASLR front. ASLR is basically mandatory for any O/S to claim that it is 'secure'. Now all that is needed is for the carriers to work with the handset manufacturers to move JB out to the handsets as quickly as possible.

posted on 17 Jul 2012, 15:44

4. Brewski (Posts: 445; Member since: 05 Jun 2012)

Droid X Doug, I actually still use a Droid X (Which was the best phone you could buy at the time it was released) and I will never see JB on my phone...

posted on 17 Jul 2012, 16:05

5. Droid_X_Doug (Posts: 5993; Member since: 22 Dec 2010)

It is a shame the X will never see JB or ICS. It was a great phone in its time. But technology marches on, and now it seems the top spot in the Android segment is held by the GS III.

posted on 17 Jul 2012, 18:53 1

7. Jimstar (Posts: 259; Member since: 24 Oct 2011)

You can prettymuch thank Google for that. I really don't understand why they thought making the OS so much more RAM hungry would be a great idea.

posted on 17 Jul 2012, 19:20 2

8. Droid_X_Doug (Posts: 5993; Member since: 22 Dec 2010)

Meh. DX was single core CPU, so I don't think the user experience would have exactly been compelling, either. DX is a 2 year old handset. Can either keep using it or upgrade to a new handset. 3GS is not getting some of the new enhancements to iOS, 4 doesn't get the Siri love. WP7.5 handsets are getting the middle-fingered wave from MS. Don't go hating on Google.

posted on 17 Jul 2012, 22:18 1

10. bayusuputra (Posts: 963; Member since: 12 Feb 2012)

Just FYI, my Desire S has only 565mb of available RAM, and it can run JB smoother than ICS.. And it is only Single Core S2 processor..

IMO, the OSes are light enough to be used in the Droid X, it is already ported to HD2, too. So it's not really Google's fault, since they release the codes free to the masses. The only thing that makes you won't be able to taste the latest dessert is your OEM and Carrier. They want money from you, and that's about it. They won't upgrade it, although your device is capable (ICS can run on the HTC G1!) , simply because they want you to buy new products from them. Imagine if all these devices will get the latest OS all the time? Then we won't be seeing the sales of SGS2, SGS3 or the newest Droid, or One X go as far as now.

So i'll thank OEMs and carriers for that instead..

posted on 17 Jul 2012, 18:22 7

6. som (Posts: 768; Member since: 10 Nov 2009)

I love Android OS and I hate WP OS.

posted on 17 Jul 2012, 20:17

9. JC557 (Posts: 1808; Member since: 07 Dec 2011)

Does this mean I can sue Verizon for holding back the Rezound's ICS update since it could be a security issue. Maybe I can sue htc as well just to send a message.

posted on 17 Jul 2012, 23:19

11. g2a5b0e (Posts: 3915; Member since: 08 Jun 2012)

Good luck with those suits...we'll see how far you get with those.

posted on 18 Jul 2012, 00:56 1

13. Droid_X_Doug (Posts: 5993; Member since: 22 Dec 2010)

There is a saying - you can get as much justice as you can afford.... JC - how deep is your bank account?

posted on 17 Jul 2012, 23:58

12. Shubham412302 (Posts: 469; Member since: 09 Nov 2011)

android should get secure boot also like PC and wp8

Want to comment? Please login or register.

Latest stories