The latest Android offering from Google, the 4.1 Jelly Bean is the first operating system that randomizes the address space location. This is one of the major reasons why hackers and developers looking to crack it are finding it very difficult to do so.
Jon Oberheide, CTO of Duo Security, a firm that follows all the Address Space Randomization Location related attempts, has been following that specifically for Android 4.1 and reached this conclusion.
ASLR is a crafty system that makes the whole attempt vain as it randomizes the address space, which makes hackers unable to identify where to target their attacks to, and, although the previous version of the Android 4.0 Ice Cream Sandwich was also launched with a simpler property, its inability to randomize reasonably large chunks of the address space made it unsuitable for ASLR. However, just to be fare, to ICS up until the middle of 2010, Linux kernel did not come up with an ASLR solution for the ARM architecture. ARM is incidentally the most widely used processor technology used in cell phones around the globe, with more than 90% of all cell phones having at least one of them.
Additional security features in the 4.1 JB includes a system to prevent leakage of system information following any hacking attempts. This is vital for the stability of the kernel and desist the possible future attempts to further hack.
In spite of all these security features, Android is still no way near some of the other operating system such as Apple’s iOS, which has recently launched kernel ASLR with iOS 6. On their part, they are only responding to some of the threats that have made the kernel their target. But to their credit, Apple has certainly raised the bar when it comes to security of kernels and mitigating the threats of kernel attacks in cell phones.