Software protection

Android randomize_va_space is set to 1
1: Conservative (stack, mmap base, VDSO, PIE) … no heap base (brk) randomization
– Regardless: Applications are fork()'d from Zygote anyways, and inherit its ASLR
2: Full (stack, mmap base, VDSO, PIE, brk)

Most .so are pre-linked with Apriori (hardcoded load address in an 8 byte “PRE ” record at the end of .so) and …
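The “PRE ” record mentioned above can be checked for directly, which shows which libraries load at a fixed address whatever randomize_va_space is set to. This is an added example, not code from the original slides: it assumes the record is a 32-bit little-endian load address followed by the 4-byte tag "PRE ", and the sample bytes and function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PRE_SIZE 8 /* the 8-byte record at the end of the .so */

/* Constructed sample: tail of a fake .so ending in a PRE record for 0xafe00000. */
static const unsigned char SAMPLE[] = {0x7f, 'E', 'L', 'F',
                                       0x00, 0x00, 0xe0, 0xaf, 'P', 'R', 'E', ' '};

/* Assumed layout: 32-bit little-endian load address, then the tag "PRE ".
 * Returns 1 and stores the address if the image ends in such a record, else 0. */
int prelink_addr(const unsigned char *image, size_t len, uint32_t *addr)
{
    if (len < PRE_SIZE)
        return 0;
    const unsigned char *rec = image + len - PRE_SIZE;
    if (memcmp(rec + 4, "PRE ", 4) != 0)
        return 0;
    *addr = (uint32_t)rec[0] | (uint32_t)rec[1] << 8 |
            (uint32_t)rec[2] << 16 | (uint32_t)rec[3] << 24;
    return 1;
}

/* Reads only the file tail: 1 = prelinked, 0 = no record, -1 = unreadable/too short. */
int prelink_addr_file(const char *path, uint32_t *addr)
{
    unsigned char tail[PRE_SIZE];
    FILE *f = fopen(path, "rb");
    if (!f)
        return -1;
    int ok = fseek(f, -(long)PRE_SIZE, SEEK_END) == 0 &&
             fread(tail, 1, sizeof tail, f) == sizeof tail;
    fclose(f);
    return ok ? prelink_addr(tail, sizeof tail, addr) : -1;
}

int main(int argc, char **argv)
{
    uint32_t addr;
    if (argc < 2 && prelink_addr(SAMPLE, sizeof SAMPLE, &addr))
        printf("sample: fixed load address 0x%08x\n", (unsigned)addr);
    for (int i = 1; i < argc; i++) {
        int r = prelink_addr_file(argv[i], &addr);
        if (r == 1)
            printf("%s: prelinked at 0x%08x, not randomized\n", argv[i], (unsigned)addr);
        else
            printf("%s: %s\n", argv[i], r == 0 ? "no PRE record" : "unreadable");
    }
    return 0;
}
```

Run it over the .so files pulled from a device image to list the libraries whose load address is hardcoded.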