Jon Oberheide, through his research, claims that Android 4.1 is the first ever operating system from Google that has properly implemented address space layout randomization (ASLR). In layman’s terms ASLR is basically an intelligent mechanism through which operating system randomizes the memory locations for stacks, heaps and other data structures. Hackers who try to exploit probable buffer overflows in an operations system would be rendered helpless as they won’t be able to identify in advance where their malicious payloads will be written in memory.
Android Ice Cream Sandwich did have ASLR implemented but, it wasn’t up to the mark and wasn’t able to mitigate real world attacks.
This may sound to be a great leap forward for Google and Android users but, the fact that Apple has already implemented ASLR and DEP since 2010. Another security feature that Android lacks is code signing. This particular method, already implemented in iOS, is a technique through which unauthorized application execution can be stopped for the want of creation of a valid digital signature just before execution.