+

The malicious apps threat on Android Jelly Bean 4.1

July 24, 2012


While at Google I/O last month Julian reported that Android Jelly Bean (version 4.1 and 4.1.1) SD permission security had been strengthened as well as introducing app encryption as part of Google’s app anti-piracy measures. These were much needed improvements not only for developers but also for Android device users. So for the tech readers in droid land I wanted to dig a little deeper to discuss some other Android Jelly Bean 4.1 security developments.

Outside of the above mentioned improvements, Android 4.1 (including 4.1.1) introduced Address Space Layout Randomization (ASLR) (see bootnote) and Data Execution Prevention (DEP). ASLR moves for example critical executables and libraries to random locations. An exploit could occur if key pockets of data are not randomised – in this case an executable for an app. ASLR aims to stop memory corruption attacks often linked to bugs being found in complex pieces of code. DEP on the other hand is designed to prevent a hacker form executing a piece of code that is established to be non-executable. There is a problem with thinking ASLR more of less removes the malware threat though. It doesn’t. Read more….Comments

Tagged with:

Leave a Comment

Please keep in mind that comments are moderated and rel="nofollow" is in use. So, please do not use a spammy keyword or a domain as your name, or it will be deleted. Let us have a personal and meaningful conversation instead.

You must be logged in to post a comment.


IT MAGAZINES: Hakin9 Magazine | Pentest Magazine | eForensics Magazine | Software Developer's Journal | Hadoop Magazine | Java Magazine
IT Blogs: Hakin9 Magazine Blog | Pentest Magazine Blog | eForensics Magazine Blog | Software Developer's Journal Blog | Hadoop Magazine Blog | Java Magazine Blog
IT ONLINE COURSES: Pentest Laboratory
JOB OFFERS FOR IT SPECIALIST: Jobs on Hakin9 Magazine | Jobs on Pentest Magazine | Jobs on eForensics Magazine | Jobs on Software Developer's Journal | Jobs on Java Magazine | Jobs on Hadoop Magazine
Hakin9 Media Sp. z o.o. Sp. komandytowa ul. Postępu 17D, 02-676 Warszawa