<div class='os_post_top_link'><a href='http://arstechnica.com/security/2012/07/android-jelly-bean-hard-to-exploit/' target='_blank'>http://arstechnica.com/security/201...ard-to-exploit/</a><br /><br /></div><p><em>"In an <a href="https://blog.duosecurity.com/2012/07/exploit-mitigations-in-android-jelly-bean-4-1/" target="_blank">analysis published Monday</a>, security researcher Jon Oberheide said Android version 4.1, aka Jelly Bean, is the first version of the Google-developed OS to properly implement a protection known as address space layout randomization."</em></p><p><img src="http://images.thoughtsmedia.com/resizer/thumbs/size/600/adt/auto/1342541066.usr309.jpg" style="border: 0;" /></p><em>Diagram showing attacker overwriting a return address with a pointer to the stack that contains attacker-supplied data</em><em><a href="https://en.wikipedia.org/wiki/Stack_buffer_overflow">Wikipedia</a></em><p>It's great to know that Google is taking mobile security seriously and working to improve it.&nbsp; This sounds like a large step in the right direction.&nbsp; I was also surprised this was the first I had heard of this change being in Android 4.1, Jelly Bean.&nbsp; Another feature new in Jelly Bean I heard of recently is a "<a href="http://www.droid-life.com/2012/07/11/how-to-enter-safe-mode-in-jelly-bean/" target="_blank">Safe Mode</a>" to make sure a problem you're having is not app related.</p><p>What's your favorite new feature in Jelly Bean?</p><p>&nbsp;</p>

I'm going to try face recognition authentication on my Google Nexus 7 tablet. Interesting to note that it can be configured to require face + blink, although this can be defeated using a "coercion-style" attack.