Friday, May 18, 2012

Android - Best Security Offer?


This is a pretty wild piece of news. Google, George Mason University, and the NSA are working to make Android the most secure OS out there. They're developing a "hardened" kernel so Android can pass all the necessary red tape to be deployed for government use. By 2012 they expect Android to be good enough for classified communication, and eventually they'll hit a higher security clearance level than BlackBerrys. Poor BlackBerry, security was one of the last things they had left.

It seems like all the heavy hitters are on board to deploy this super-secure version of Android. The Obama Administration, the FBI, the Justice Department, the Army, and first responders are all mentioned as interested parties. The Army wants to take Android into combat, the White House wants to dump blackberry, and first responders want to replace their insecure radio equipment. That's right, real life Android Police.

No word on when (or if) all this security will trickle down to us civilians; hopefully Google made that part of the deal. More security is always a good thing, right?

NSA constructs hardened Android, unleashes it on world


By 
John Leyden • Vicious apps squashed by super-spook mobile OS

The US Defense Department's The National Security Agency (NSA) has released a security-hardened version of Google's mobile OS, Android.

The spook-enhanced build of the operating system was released last week and is based onSELinux, also created by the National Security Agency. The inaugural release of the SE Android project focuses on limiting the scope for malicious or flawed apps to cause mischief, as explained in the project documentation:

Security Enhanced (SE) Android is a project to identify and address critical gaps in the security of Android. Initially, the SE Android project is enabling the use of SELinux in Android in order to limit the damage that can be done by flawed or malicious apps and in order to enforce separation guarantees between apps. However, the scope of the SE Android project is not limited to SELinux.

Links to SE Android source code and instructions on putting it together can be found on the project's web page. The focus of the project is on damage limitation rather than prevention. The target audience of the project is clearly mobile developers, security experts or perhaps device manufacturers, and not regular Android smartphone users looking for a little extra privacy and security.

App support is low and if you don't know what you are doing you might even end up with a bricked smartphone. The goals of the SE Android were first publicly outlined during a presentation [PDF] at last year's Linux Security Summit. ®

No comments:

Post a Comment