back to article Google shakes up Android Jelly Bean to fend off malware meanies

Android Jelly Bean 4.1 promises to be more secure than previous versions of the Google's mobile OS. The big news is that the software now properly implements Address Space Layout Randomization (ASLR), a technique designed to make malware-based attacks more difficult. The latest Jelly Bean iteration was released to select …

COMMENTS

This topic is closed for new posts.
  1. Kwac
    FAIL

    Xoom

    Dear Google

    On behalf of Motorla Xoom users outside the USA, when can we expect and update to Ice Cream Sandwich (from Honeycomb)?

    Looks like I'll be asking about an update from ICS to Jelly Bean in about a year.

    1. MikeS

      Re: Xoom

      moto's support outside the US has been abysmal.

      however if you have the wifi zoom theres good news, just download a US rom from the motorola web site and you turn it into a 'google-experience-device' you will get an immediate update to ICS, and Jellybean when thats released in a couple of weeks.

      If you have the 3g zoom, download the Telefonica rom (from motorola developer web site) and you will get the update to ICS.

      it is very easy to do and means you are running an officlal rom (rather than one of the many custom roms also available)

      take a look at the forums on xdadevelopers (or just google)

      1. Peter Johnstone
        FAIL

        Re: Xoom

        Couldn't agree more.

        According to this: https://forums.motorola.com/pages/00add97d6c, The ICS upgrade is still planned for quarter 2 of 2012 and now most of July is gone. Note that this document was updated on the 2nd of July!

        Fail icon as it describes motorola's international support, not a comment on the above posts both of which I've up voted.

    2. James Hughes 1

      Re: Xoom

      What have Google got to do with Android on Motorola phones - it's nothing to do with them. Google have released the ICS and JB code - it's up to Motorola to use it. Blame Motorola, not Google.

      1. Kwac
        FAIL

        Re: Xoom

        you'll never guess which company bought Motorola.

        clue, their name starts with a letter 'G' and they are in competition to Microsoft's Being.

  2. toadwarrior
    Facepalm

    It's just like Micirosoft. Each version they promise they say they got it right this time.

    1. Neil Lewis
      Linux

      Compare and contrast

      MS release 'upgrades' to persuade you to part with yet more cash.

      Google charge nothing for Android.

      1. Tom Chiverton 1 Silver badge

        Re: Compare and contrast

        Umm, why do you think your handset costs 500 hundred quid ? Think that's all parts ?

        1. Anonymous Coward
          Anonymous Coward

          Re: Compare and contrast

          "Umm, why do you think your handset costs 500 hundred quid ? Think that's all parts ?"

          Try the manufacturing process, parts, patent lawsuits and if it's a Google experience device, the Android license fee for the use of the Google apps (Play Store, Maps etc.) and Andriod name.

          Android itself is free. Any manufacturer can download the source and build it themselves if they want. Of course there is always associated cost in adapting it to the device hardware but the manufacturers don't have to pay Google a penny if they choose not to.

          Samsung etc. have their own dev's working on TouchWiz which of course will also be added into the cost of those devices.

      2. AdamChew

        Re: Compare and contrast

        But to buy more handsets .

        So essentially it is the same that is giving more money to the telson and phone manufacturers.

        Btw Virginia there is no free lunch.

      3. RICHTO
        Flame

        Re: Compare and contrast

        Since when have Microsoft charged for Service packs? Only Apple do that...

    2. RICHTO
      Mushroom

      Except they are at least 5 years behind Microsoft in terms of security...

  3. Anonymous Coward
    Anonymous Coward

    Shoudn't the title be " GOOGLE'S ANDROID JELLY BEAN CATCHES UP WITH COMPETITION IN FENDING SOME MALWARE MEANIES

    1. Mark Eccleston

      Yes

      IF THE HEADLINE WANTED TO PROJECT THAT IT WAS ANGRY AND SHOUTING

      1. Anonymous Coward
        Anonymous Coward

        Re: Yes

        Can anyone advise just which wanker decided that capitalisation was shouting?

        When I shout, I do not do so using capital letters!

        Its just another wank decision adopted by the great unwashed.

        1. The Baron
          Headmaster

          Re: Yes

          > Its just another wank decision adopted by the great unwashed.

          I think it's a very good convention. Widely established, easy to learn, simple to use, and effective on any plain text system.

          Back in the days of BBS, after lower case arrived but before bold, italics, and underlining, people started writing words in all-caps when they wanted to emphasise a point, WHICH WAS USUALLY WHEN THEY GOT ANGRY AND REALLY WANTED TO MAKE SURE THAT EVERYBODY PAID ATTENTION!

          Since the analogous behaviour to this in spoken conversation is shouting, it was an easy and logical decision to adopt the convention that all-caps = shouting. There is an intuitive correlation between bigger letters, higher volume, and greater importance - at least in the mind of the originator.

          > When I shout, I do not do so using capital letters!

          And, no doubt, when you emphasise words whilst talking, you do not do so using bold or italic letters. I don't see the relevance of this point, unless you are suggesting that writing should be a direct and exact representation of the sounds of speech, in which case presumably we should also do away with formatting, punctuation, cases and so forth, and perhaps just move to drawing waveforms?

  4. Anonymous Coward
    Windows

    How dare you say that, Google is a good 5 years behind Microsoft in security, maybe more.

    1. Anonymous Coward
      Anonymous Coward

      It's all Apple's fault. If they'd implemented it earlier, Google could have copied it earlier.

  5. Anonymous Coward
    Anonymous Coward

    Is this a joke?

    The latest Jelly Bean iteration was released to select devices last week but is not due to come bundled with mainstream Android smartphones and tablets much before the end of the year

    End of what year? 2013?! Some high end devices don't even have ice cream sandwich

  6. Anonymous Coward
    Anonymous Coward

    Wow - new walls around a merengue foundation..

    I'm so glad they implemented ASLR - now if they could only start screening those apps so people wouldn't just INSTALL malware instead of being vulnerable to drive-by infections i would start to make a difference. But that would close the door for Google's own data sucking,no? (why else do you think 75% of Android only works after they have account details of you? That creates legal cover through you accepting their T&Cs).

    So yes, it's very Microsoft compatible: promises, just promises.

  7. heyrick Silver badge

    Half-assed attempt, if you ask me.

    Let us have some statistics: 1. Proportion of users affected by malware attacking the system, the issue ASLR is intended to fix; vs 2. Proportion of users affected by being tricked into accepting/installing dodgy apps because Android's permission system is shit and doesn't allow you to overrule the app's desire for "services which may cost you money".

    Perhaps Google ought to be held liable for every unwanted SMS send, every call to premium rate numbers by malicious apps, and every theft of account/contact details...until they understand that these things NEED to be user options (and screw what the app thinks it needs), you the user need to have the ability to say "no" to these sorts of requests.

    1. PyLETS
      Devil

      Re: Half-assed attempt, if you ask me.

      you the user need to have the ability to say "no" to these sorts of requests

      On Android you already have the ability to say no, but the app then has the ability to decline to install. What's needed is the ability to have an app think it has your location, but you the user can provide it with the location you want it to have. Or the app thinks it has the ability to send SMS, but these SMSs go to /dev/null and cost you nothing. Alternatively you should be able to force installation regardless, and take whatever functionality of the application is broken as a consequence. If your phone can run Cyanogen mod, you might want to consider this as an option.

      Also the permissions model probably isn't fine grained enough, and there is no obligation for the app to state why it wants you to grant it a particular permission. It isn't possible to make an informed security decision unless you know _why_ the app requests a particular permission.

      1. heyrick Silver badge

        Re: Half-assed attempt, if you ask me.

        "On Android you already have the ability to say no, but the app then has the ability to decline to install."

        In my understanding, that is not how it works.

        The installer program says "app wants this" and you say yes or no. If you say yes, it will install. If you say no, it is not installed. The app itself declines nothing. So no, the ability to say no is weighed against having or not having the app; it is a decision with coercion.

        As to the rest of your post... yes. There ought to be either a "tough crap, it might not work" option or a "faker" module that supplies bogus data to an app, puts texts to /dev/null and so on. You know, it is amazing how an app that wants my location and full internet access is able to continue without problems when in airplane mode!

        The permissions model definitely isn't fine-grained enough when we have things such as phone state (okay) being lumped together with phone identity (not okay!). Programs can set themselves up to start at boot and you can't turn this off (doubly-so with manufacturer forced bloatware that you can't even uninstall).

  8. CyrixInstead

    Battery Life

    All very nice, but will this version of Android give me back any of my precious battery life that ICS took away?

  9. Martin 63
    Happy

    XOOM ICS UK

    I got so bored of waiting, I used GEDify. Worked like a charm, but much like ICS on the G2, It prefers a USB 2 port. The only stumbling block was that I didnt turn USB debugging on. Turned it on and carried on. Perfect. Now Im waiting for JB to auto update it :)

    1. TeeCee Gold badge
      WTF?

      Re: XOOM ICS UK

      Is there anything Android USB related that doesn't require USB debugging to be on?

      I'm beginning to wonder why it's bloody switchable and off by default......

  10. eulampios

    ASLR: lack of research

    ASLR .... appearing in Windows Vista and Mac OS X since 2007, for example.

    And OpenBSD did it 4 years before as did the Linux PaX project (partial randomization is present in the kernel long before Vista too). Google just decided to implement its own for Android.

  11. Confuciousmobil
    Unhappy

    About time...

    Apple takes iOS security seriously and any flaw found is usually fixed very quickly and they try and stay ahead of the game.

    Google, on the other hand, make a half hearted attempt at patching holes - but when you have so many it really must be quite depressing for them.

    1. eulampios

      Re: About time...

      but when you have so many

      So many is how many? I can recall only one for the last year.

      Apple takes iOS security seriously

      Maybe they do, however Mac OSX was not the case though with those Java vulns. epic fails.

      1. RICHTO
        Mushroom

        Re: About time...

        IOS - circa 300 known security vulnerabilities

        Windows Mobile and Windows Phone (all versions) - circa 2 known vulnerabilities.

        QED.

        (See Secunia.org)

  12. Anonymous Coward
    Anonymous Coward

    Re: Half-assed attempt, if you ask me.

    The App you want is LBE Privacy Guard... of course there are others as well. Works well at allowing an app to think it has network access whilst not having network access... or your phone ID, or access to your contacts.

This topic is closed for new posts.