Ever heard of ASLR? It’s a security feature that is used in many different opearting systems such as Windows XP or iOS6. For quite a while Android has been avoiding it and then used a little bit of it in Android 4.0. Now with the release of Jelly Bean it is being used to its fullest, but this implementation of ASLR still lags behind the security of the soon to be released, iOS 6.
Wikipedia defines ASLR quite well:
“Address space layout randomization (ASLR) is a computer security method which involves randomly arranging the positions of key data areas, usually including the base of the executable and position of libraries, heap, and stack, in a process’s address space.”
“Address space randomization hinders some types of security attacks by making it more difficult for an attacker to predict target addresses. For example, attackers trying to execute return-to-libc attacks must locate the code to be executed, while other attackers trying to execute shellcode injected on the stack have to find the stack first. In both cases, the related memory addresses are obscured from the attackers. These values have to be guessed, and a mistaken guess is not usually recoverable due to the application crashing.”
Changing the way security work’s in OS’s can be worrisome because they could just mess something up and all your data could be easily exploited. Your data is more at risk now on Gingerbread or Ice Cream Sandwich because it’s easier to exploit. If you stay away from unofficial sites that want to download apps to your device though, you should be fine. Otherwise, this added feature in Jelly Bean is great!
For now though, we sit and wait for Jelly Bean devices to release.
source: Cool Smartphone