Android has always been criticized by its overall lack of security for being the main and most important weak point of the whole mobile operating system; especially over the past few months, as one rather critical exploit was discovered buried inside Android’s core. The Stagefright vulnerability has been reported to be extremely harmful for almost all Android devices that still haven’t seen a patch specifically for this issue. Google only addressed this potential threat to all Android users a few times, when the company stated how it was already working on fixing the problem, and another one when a patch was actually released for the mobile OS source-code. Today, a couple of members of Google’s Project Zero vulnerability research team have expressed their concerns and thoughts about Android’s security throughout the system as a whole, and refuted one of the main points when talking about Android’s different vulnerabilities; and that is address space layout randomization.
Address space layout randomization had always served as a way to make Google’s own mobile OS’ security issues much less harmful than they actually are. Unfortunately, the company’s Project Zero vulnerability research team, has mitigated the power that the statement had. This has caused great concerns about Android’s overall security, as most public relations Google employees had used this key point when defending the OS’ defenses. Address space layout randomization was the go-to answer when Google employees were questioned about Stagefright, and noted that thanks to address space layout randomization, the different security issues that came with Stagefright were actually difficult to exploit.