Home

Share this Story

Security Research Says Jelly Bean is the Most Secure Version of Android Yet

Jelly Bean certainly had its share of flashy upgrades to talk about during Google I/O. Now, we are slowly starting to learn about the many under-the-hood updates that Google added in. Digging through the code, security researcher Jon Oberheide said that Android 4.1 finally takes a step in the right direction with another layer of security, by properly implementing address space layout randomization, or ASLR.

To put it plainly, ASLR takes core pieces of the OS and randomizes them, thwarting would-be hackers by changing locations of places where they would like to exploit with malicious apps and websites. Ice Cream Sandwich debuted with ASLR, but not all the pieces of the OS were randomized. Some were static, leaving hackers to attack those parts each time. Good news for us Android users.

Via: Ars Technica

  • Androidandwp7equalsPower

    Android was always secure, its users who are dumb enough to download pirated apps.

  • leo

    So now when can I get it on my gs3?

  • zepfloyd

    Not to be negative, but how long will it be before most people even see JellyBean? :(

    There needs to be a better way to push important enhancements, and particularly around security. This is one of them.

    • ddevito

      just tell them to buy a Nexus 7 :p

      • EC8CH

        The question remains unanswered :p

    • http://twitter.com/ToysSamurai Toys Samurai

      Hate to admit it, it’s going to take MONTHS (must be in cap.) I would be surprised to see even the Galaxy S3 getting JB before the end of this year. People were excited when Google announced PDK, but I am pretty sure it will not help updating existing hardware. It may help OEM to release phones with the latest OS earlier (because this translates into sales directly), but don’t expect the PDK to cut down the OS update times — IMO, it just shows how naive Google is in managing its own platform. It simply doesn’t understand how the market works. You can’t just make something and expect everyone to adopt it just because it is a good product/service.

      • chris125

        Slow updates haven’t stopped people from buying android. Normal consumers have no idea what version they are on anyway.

    • Pedro

      Send ‘em by my house.
      They can look at my VZW GNex, or even the Wifi XOOM.

      fastboot oem unlock FTW

  • blood

    Didn’t they also encrypt apps in 4.1?

  • Camaros_Kill

    couldnt this possibly mean that rooting will be more difficult to accomplish?

    • Mike

      It’s my understanding that this affects memory locations, whereas rooting uses command line exploits. Since the rooting method doesn’t directly access memory, they aren’t related. I may be wrong though, so I look forward to an expert to chime in.

    • https://plus.google.com/110773438514346746273/ tjhrulz

      No that is at the kernel level and uses ADB this prevents runtime hacking.

    • ddevito

      hasn’t stopped anyone as of yet :)

  • New_Guy

    For Android to begin to be labeled a a secure OS is a very good thing for business.

    • ddevito

      When the iSmoke starts to clear I predict you will see a huge influx of the little green robot in the enterprise.

      Case in point, I work for a major NYC utility, and we deploy ruggedized form factor mobile machines in the field. The precious iPad wouldn’t last 5 minutes in our workers’ typical day environment.

      Not to mention I’m a java developer, so we write Android apps since we already use Java. No one here (even one guy who’s a huge iFan) wants to learn Objective-C

  • MikeSaver

    A friend is considering the Galaxy S3 or the Galaxy Nexus? Which should he get? He’s very interested in Jelly Bean and he’s on Verizon.

    • Kyle

      Nexus. GS3 wont see JB until 2013

      • CoCoCalypso

        ^^
        This

        • MikeSaver

          Where did you see S3 won’t get the update until S3

          • http://twitter.com/ToysSamurai Toys Samurai

            Nowhere, but history tells us that it won’t happen. Look, people who think like me are more than happy to be proven wrong, but unfortunately, Samsung likes to make us proud of our predictions.

            Sure, there may be third party JB ROMs available, but I don’t expect a Samsung made JB updates before 2012, and definitely don’t expect to see one for the Verizon S3.

          • MikeSaver

            Which is the better phone do you think? Galaxy Nexus w/ Jelly Bean or GS3 without it?

          • DontBeConfused

            It really depends. GS3 has locked bootloader. I personally am not looking to root anytime soon, so I’m good. I have a gs3, and its fantastic. Better processor more ram was big for me. The phone flies. They’ve also improved the screen. Look at both side. I have had no trouble with my phone. Radio works great. No GPS issues. I only mention it because I’ve read problems with the gnex. Don’t know about it first hand. I would assume they’ve been fixed. I highly recommend the gs3 though

          • MikeSaver

            Yeah those problems were fixed on the Gnex. I’ve really loved my Gnex and strongly recommend it, especially since it will get Jelly Bean first. Wanted to ask the experts here to weigh in.

      • http://twitter.com/ToysSamurai Toys Samurai

        1000% agree.

    • http://twitter.com/shobon (´・ω・)

      If he’s interested in Jelly Bean he should switch to a GSM carrier…

      Just kidding (sorta). Don’t expect an official JB update for the Vzw Gnex for another couple months, but there are plenty of functioning JB roms available. No clue about the SGS3 though.

      • http://twitter.com/Lancer033 Keith Hollis

        Stable 4.1 ROMs were out 2 days after Google announced it for the Vzn GNex. I’ve been on 4.1.1 for close to a week now.

  • ddevito

    One little, Two little, Three Little Endian… :p

  • ddevito

    Well, not that it would prompt me to revert back to ICS, but I would certainly hope so