back to article Google shakes up Android Jelly Bean to fend off malware meanies

Android Jelly Bean 4.1 promises to be more secure than previous versions of the Google's mobile OS. The big news is that the software now properly implements Address Space Layout Randomization (ASLR), a technique designed to make malware-based attacks more difficult. The latest Jelly Bean iteration was released to select devices …

COMMENTS

This topic is closed for new posts.
FAIL

Xoom

Dear Google

On behalf of Motorla Xoom users outside the USA, when can we expect and update to Ice Cream Sandwich (from Honeycomb)?

Looks like I'll be asking about an update from ICS to Jelly Bean in about a year.

3
0

Re: Xoom

moto's support outside the US has been abysmal.

however if you have the wifi zoom theres good news, just download a US rom from the motorola web site and you turn it into a 'google-experience-device' you will get an immediate update to ICS, and Jellybean when thats released in a couple of weeks.

If you have the 3g zoom, download the Telefonica rom (from motorola developer web site) and you will get the update to ICS.

it is very easy to do and means you are running an officlal rom (rather than one of the many custom roms also available)

take a look at the forums on xdadevelopers (or just google)

3
0
FAIL

Re: Xoom

Couldn't agree more.

According to this: https://forums.motorola.com/pages/00add97d6c, The ICS upgrade is still planned for quarter 2 of 2012 and now most of July is gone. Note that this document was updated on the 2nd of July!

Fail icon as it describes motorola's international support, not a comment on the above posts both of which I've up voted.

2
0
Silver badge

Re: Xoom

What have Google got to do with Android on Motorola phones - it's nothing to do with them. Google have released the ICS and JB code - it's up to Motorola to use it. Blame Motorola, not Google.

1
1
FAIL

Re: Xoom

you'll never guess which company bought Motorola.

clue, their name starts with a letter 'G' and they are in competition to Microsoft's Being.

0
1
Facepalm

It's just like Micirosoft. Each version they promise they say they got it right this time.

4
8
Linux

Compare and contrast

MS release 'upgrades' to persuade you to part with yet more cash.

Google charge nothing for Android.

4
3

Re: Compare and contrast

Umm, why do you think your handset costs 500 hundred quid ? Think that's all parts ?

2
6

Re: Compare and contrast

But to buy more handsets .

So essentially it is the same that is giving more money to the telson and phone manufacturers.

Btw Virginia there is no free lunch.

1
0
Bronze badge
Mushroom

Except they are at least 5 years behind Microsoft in terms of security...

1
7
Anonymous Coward

Re: Compare and contrast

"Umm, why do you think your handset costs 500 hundred quid ? Think that's all parts ?"

Try the manufacturing process, parts, patent lawsuits and if it's a Google experience device, the Android license fee for the use of the Google apps (Play Store, Maps etc.) and Andriod name.

Android itself is free. Any manufacturer can download the source and build it themselves if they want. Of course there is always associated cost in adapting it to the device hardware but the manufacturers don't have to pay Google a penny if they choose not to.

Samsung etc. have their own dev's working on TouchWiz which of course will also be added into the cost of those devices.

5
0
Bronze badge
Flame

Re: Compare and contrast

Since when have Microsoft charged for Service packs? Only Apple do that...

0
1
Anonymous Coward

Shoudn't the title be " GOOGLE'S ANDROID JELLY BEAN CATCHES UP WITH COMPETITION IN FENDING SOME MALWARE MEANIES

0
5

Yes

IF THE HEADLINE WANTED TO PROJECT THAT IT WAS ANGRY AND SHOUTING

7
0
Anonymous Coward

Re: Yes

Can anyone advise just which wanker decided that capitalisation was shouting?

When I shout, I do not do so using capital letters!

Its just another wank decision adopted by the great unwashed.

0
3
Headmaster

Re: Yes

> Its just another wank decision adopted by the great unwashed.

I think it's a very good convention. Widely established, easy to learn, simple to use, and effective on any plain text system.

Back in the days of BBS, after lower case arrived but before bold, italics, and underlining, people started writing words in all-caps when they wanted to emphasise a point, WHICH WAS USUALLY WHEN THEY GOT ANGRY AND REALLY WANTED TO MAKE SURE THAT EVERYBODY PAID ATTENTION!

Since the analogous behaviour to this in spoken conversation is shouting, it was an easy and logical decision to adopt the convention that all-caps = shouting. There is an intuitive correlation between bigger letters, higher volume, and greater importance - at least in the mind of the originator.

> When I shout, I do not do so using capital letters!

And, no doubt, when you emphasise words whilst talking, you do not do so using bold or italic letters. I don't see the relevance of this point, unless you are suggesting that writing should be a direct and exact representation of the sounds of speech, in which case presumably we should also do away with formatting, punctuation, cases and so forth, and perhaps just move to drawing waveforms?

1
0
Windows

How dare you say that, Google is a good 5 years behind Microsoft in security, maybe more.

3
3
Anonymous Coward

It's all Apple's fault. If they'd implemented it earlier, Google could have copied it earlier.

2
8

Is this a joke?

The latest Jelly Bean iteration was released to select devices last week but is not due to come bundled with mainstream Android smartphones and tablets much before the end of the year

End of what year? 2013?! Some high end devices don't even have ice cream sandwich

1
2
Anonymous Coward

Wow - new walls around a merengue foundation..

I'm so glad they implemented ASLR - now if they could only start screening those apps so people wouldn't just INSTALL malware instead of being vulnerable to drive-by infections i would start to make a difference. But that would close the door for Google's own data sucking,no? (why else do you think 75% of Android only works after they have account details of you? That creates legal cover through you accepting their T&Cs).

So yes, it's very Microsoft compatible: promises, just promises.

1
3
Silver badge

Half-assed attempt, if you ask me.

Let us have some statistics: 1. Proportion of users affected by malware attacking the system, the issue ASLR is intended to fix; vs 2. Proportion of users affected by being tricked into accepting/installing dodgy apps because Android's permission system is shit and doesn't allow you to overrule the app's desire for "services which may cost you money".

Perhaps Google ought to be held liable for every unwanted SMS send, every call to premium rate numbers by malicious apps, and every theft of account/contact details...until they understand that these things NEED to be user options (and screw what the app thinks it needs), you the user need to have the ability to say "no" to these sorts of requests.

4
2
Devil

Re: Half-assed attempt, if you ask me.

you the user need to have the ability to say "no" to these sorts of requests

On Android you already have the ability to say no, but the app then has the ability to decline to install. What's needed is the ability to have an app think it has your location, but you the user can provide it with the location you want it to have. Or the app thinks it has the ability to send SMS, but these SMSs go to /dev/null and cost you nothing. Alternatively you should be able to force installation regardless, and take whatever functionality of the application is broken as a consequence. If your phone can run Cyanogen mod, you might want to consider this as an option.

Also the permissions model probably isn't fine grained enough, and there is no obligation for the app to state why it wants you to grant it a particular permission. It isn't possible to make an informed security decision unless you know _why_ the app requests a particular permission.

2
0
Silver badge

Re: Half-assed attempt, if you ask me.

"On Android you already have the ability to say no, but the app then has the ability to decline to install."

In my understanding, that is not how it works.

The installer program says "app wants this" and you say yes or no. If you say yes, it will install. If you say no, it is not installed. The app itself declines nothing. So no, the ability to say no is weighed against having or not having the app; it is a decision with coercion.

As to the rest of your post... yes. There ought to be either a "tough crap, it might not work" option or a "faker" module that supplies bogus data to an app, puts texts to /dev/null and so on. You know, it is amazing how an app that wants my location and full internet access is able to continue without problems when in airplane mode!

The permissions model definitely isn't fine-grained enough when we have things such as phone state (okay) being lumped together with phone identity (not okay!). Programs can set themselves up to start at boot and you can't turn this off (doubly-so with manufacturer forced bloatware that you can't even uninstall).

0
0

Battery Life

All very nice, but will this version of Android give me back any of my precious battery life that ICS took away?

1
1
Happy

XOOM ICS UK

I got so bored of waiting, I used GEDify. Worked like a charm, but much like ICS on the G2, It prefers a USB 2 port. The only stumbling block was that I didnt turn USB debugging on. Turned it on and carried on. Perfect. Now Im waiting for JB to auto update it :)

1
1
Gold badge
WTF?

Re: XOOM ICS UK

Is there anything Android USB related that doesn't require USB debugging to be on?

I'm beginning to wonder why it's bloody switchable and off by default......

0
0
Bronze badge

ASLR: lack of research

ASLR .... appearing in Windows Vista and Mac OS X since 2007, for example.

And OpenBSD did it 4 years before as did the Linux PaX project (partial randomization is present in the kernel long before Vista too). Google just decided to implement its own for Android.

1
0
Unhappy

About time...

Apple takes iOS security seriously and any flaw found is usually fixed very quickly and they try and stay ahead of the game.

Google, on the other hand, make a half hearted attempt at patching holes - but when you have so many it really must be quite depressing for them.

0
1
Bronze badge

Re: About time...

but when you have so many

So many is how many? I can recall only one for the last year.

Apple takes iOS security seriously

Maybe they do, however Mac OSX was not the case though with those Java vulns. epic fails.

1
0
Bronze badge
Mushroom

Re: About time...

IOS - circa 300 known security vulnerabilities

Windows Mobile and Windows Phone (all versions) - circa 2 known vulnerabilities.

QED.

(See Secunia.org)

0
3
Anonymous Coward

Re: Half-assed attempt, if you ask me.

The App you want is LBE Privacy Guard... of course there are others as well. Works well at allowing an app to think it has network access whilst not having network access... or your phone ID, or access to your contacts.

0
0
This topic is closed for new posts.

Forums