Jelly Bean beefs up Android security, ELFs get harder

Jelly Bean beefs up Android security, ELFs get harder“What’s new in Android Jelly Bean?” is a common question at the moment. Fortunately, some Mobot guy scribbled a feature called Everything you need to know about Jelly Bean. What a lovely chap.

However, there’s a whole bunch of stuff that consumers mightn’t necessarily be aware of, including significantly enhanced security. Get ready for some fantastic jargon, boys.

Ice Cream Sandwich (Android 4.0) introduced a little something called Address Space Layout Randomization (ASLR), making malware attacks less effective by – you guessed it – randomising key locations in memory. Makes sense so far.

However, Jelly Bean (Android 4.1) has taken it to the next level. We’ve now got Position Independent Executables (PIE), Heap/Brk Randomization, and Linker Randomization.

Still not satisfied? How about ELF Hardening (RELRO/BIND_NOW) and Infoleak Prevention (dmesg_restrict / kptr_restrict)?

Clearly I have absolutely no idea what I’m talking about, but if ELF Hardening gets your motor running, you can read about it - and all those other features - in tons more detail over at Duo Security.

Read more about: Android

Add a comment
 1 comment

barrybarryk  Jul. 18, 2012 at 12:44

it won't make much difference, both the Android and iOS SDKs allow 'malware' to be created well within the normal APIs. There are no exploits needed and 'apps' aren't removed from either store for accessing information they don't need.

The only thing you can do to keep your information secure on an Android or iOS device is just not store it there. There's virtually no security testing done on any apps in the stores and as long as they bury, somewhere in the license (which no one ever reads), that a particular app will access and share your info there's nothing anyone can do about it.


You don't need an account to comment. Just enter your email address. We'll keep it private.