The Android 4.0 operating system, otherwise known as “Ice Cream Sandwich”, has been in the security news recently. Android 4.0 is possibly Google’s most secure operating system, to date, so to hear that Android 4.0 has added address layout randomization (ASLR) is good news for enteprise and mobile security for end-users (consumers included :)) in general.
In the past security researchers have complained about Android security and privacy shortcomings and that BlackBerry OS 6/7 and iOS are more secure for enterprise and consumers. ASLR comes at a good time for Android/Google which has been under “patent attack” recently from Microsoft and Apple. ASLR has been added to Android 4.0 to add additional protection in stopping buffer overflows and memory corruption attacks.
11/14/11 update: This is a good read for the techies among us. 🙂 Android Ice Cream Sandwich face unlock feature (facial recognition) compromised using Galaxy Nexus http://t.co/WLrhAAx0 (opens a new browser window)
The iPhone for example already has ASLR and DEP (data execution protection) and it has had this for some time now – oh and don’t forget sandboxing – iOS comes with this too. The latter stops apps from talking to each other and isolates the core system from malicious attacks. Important to note here that ASLR, DEP and sandboxing have been on Windows OS and Mac OS X for some time now.
In addition to ASLR, Android 4.0 also includes significant improvements to its’ API and VPN connectivity which allows for apps to have improved management of authentication and secure sessions. Android is clearly on the move in the enterprise space too. BlackBerry, Microsoft and Apple will be keeping an eagle eye on Android developments over the coming months.
Safe surfing folks!