In an analysis published Monday, security researcher Jon Oberheide said Android version 4.1, aka Jelly Bean, is the first version of the Google-developed OS to properly implement a protection known as address space layout randomization. ASLR, as it's more often referred to, randomizes the memory locations for the library, stack, heap, and most other OS data structures. As a result, hackers who exploit memory corruption bugs that inevitably crop up in complex pieces of code are unable to know in advance where their malicious payloads will be loaded.
The code for the latest build of Android is now available, meaning anyone with the right knowhow can get modding right this very minute.
Gentleman, screwdrivers at the ready. Jean-Baptiste Queru, Google’s software engineer, made the announcement via Google Groups.