In association with heise online

25 October 2011, 12:01

Android 4.0 gets ASLR to improve security

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Android icon Google have added ASLR (address space layout randomisation) to Android 4.0, code-named Ice Cream Sandwich, in an attempt to make the mobile device operating system more resistant to attackers. ASLR's addition is mentioned in Google's Android 4.0 Platform Highlights document.

Often, exploits use the fact that a particular function or library resides at a particular memory location to call that function when manipulating heaps or exploiting other memory errors. ASLR works by ensuring that system and application code does not appear in the same place every time it is loaded. Apple's iOS has had ASLR support since iOS 4.3; that protection was overcome in July by Comex's iPhone jailbreak.

Google says that it has also improved the management of user credentials in Android 4.0 with a new keychain API which works with encrypted storage and lets applications use it to store and retrieve private keys and certificates.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit