Apple, Google Diss the DoD Over Mobile Security
Julie188 writes "The Defense Information Systems Agency (DISA) has long supported the use of BlackBerry smartphones for soldiers. It built a system called Go Mobile to provide secure communications, training, and collaboration applications to mobile soldiers. DISA recently decided to add Android and iPhone to the list of approved devices because of high demand from users. Unfortunately, this choice has become a giant pain in the flank. Why? Because both Apple and Google refuse to give DISA access to their security APIs."
Cue the Palin. Might be time for Apple and Google to be hunted down like Al-Qaeda. Is there any room left in the Assange bunker?
Android is open source, how hard could it be to download the code and look into it to find those elusive security APIs?
I have rolled custom firmware onto an Android device using the instructions on some forums, and it worked great. If a dude with is budgies can do it, why can't they?
Jehovah be praised, Oracle was not selected
Want to access the "security" APIs? Use the Source.
Why not just offer a custom DoD firmware for Android phones?
Seriously, there's no way for an application to be "secure" if the platform the application runs on is itself untrusted.
IMO, my device is not "secure" unless I can control the device's OS & inspect the device's hardware. My phone, my router, my PCs, my GPS, all have firmware I've compiled myself. If an average coder like myself can do this, the DoD shouldn't have any problems either.
Note: Android works on iPhones too, it's still buggy, but the DoD could help with that if they desired, or just use phones that support custom, open source firmware.
The iPhone is made by the Foxconn division of Hon Hai Precision Industry Company Ltd, in Shenzhen, China. Apple is just the design and sales firm. That's not a reliable source for secure DoD communications.
There are still some non-China cell phone manufacturing facilities. DoD needs to look hard at sourcing.
lol wut?
This article goes so far as to call the two companies unpatriotic for not supporting the DoD.
Rubbish.
It sounds as if the government is effectively asking for a backdoor. With lack of oversight already, why should Google or Apple expect them to do right by their customers?
Besides, there's a reasonable amount of IP in any security stack. Why should any for-profit organization just hand it over?
TFA is very light on technical details. What security API are they looking to access? To do what? They have access to AOSP/Linux, and could even cook up custom ROMs if they needed. Is there some cryptographic hardware driver they need or something?
Also, from the 'article':
"It seems to me that Apple and Google are making self-centered bad decisions here that won't play well with the American public. Clearly, Apple and Google should re-think these myopic and selfish policies"
WTF? Maybe this journalist should re-think his self-centered trite opinion fluff pieces. Oh wait, it's NetworkWorld. Not much chance of that happening I guess.
meep
Look, it's all fine and dandy. iPhone is great, Android is great. It's all set up by Microsoft. While they sit back and watch Apple and Google run into the wildly arrogant ways of their past, they're quietly selling tons of software to enterprises AND home users. When Apple and Google get the DOJ hammer, it'll even out the market share of mobile, therefore, provide an enormous boost to Microsoft and probably Palm too. Look at it this way, Ballmer is Dooku and Google is clone army.
Shenanigans! There's got to be more to it than this.
The entire source for Android is available; what could Google be holding back? It's not as if they manufacture the phones.
What are these 'Security APIs'? It doesn't make any sense.
I think it's more likely that the DoD asked for some of Google / Apple's signing keys and the companies rightly refused.
According to the article, practically the only reason given as for why Google and Apple should give access to these APIs is to be patriotic. But as a few other people have pointed out, Google and Apple, though based in the US, are no longer solely US companies. What would this article's opinion have been had Russia or China or some other country's equivalent Department of Defense asked for access to these APIs, I wonder?
Dissing the DoD - or, as the article says, "thumbing their noses at" the DoD is not a wise move.
The Denizens of Doom are a group of hacker-biker crossbreeds. A true Ubermensch, if you will. Piss them off sufficiently, and they will kick your digital ass!
Do daemons dream of electric sleep()?
The military's security evaluations are heavily biased. Any technology the military does not want to use can be declared insecure, whether or not it is, and vice versa. One can always find a reason something is not secure.
For example, they wanted to use Windows, and not any flavor of UNIX. The fact that Windows is produced by an American company was trotted out as a reason it was more secure. Code written by foreigners might have back doors, etc. Also, open source software development was shot down as fundamentally less secure than proprietary ways. Anyone might slip malware into open source. So, no Linux or FreeBSD. But then, why not a proprietary UNIX? They also prefer dealing with big companies, which informally disqualifies many UNIX vendors. They just have to come up with good sounding excuses, and security ones are great.
For the other side of the issue, they'll lean on their evaluators to rubber stamp tech that they like. Often it seems that what they really want out of their evaluators is creative reasoning that gives them the cover they need to use what they want, not impartial evaluations. Or they'll bypass them. They can get approval on an interim basis when there is nothing secure enough, and they have to have something. They're accustomed to Windows, and they like it, so they found ways to get it on board.
However, they can't do absolutely anything. Often there are ways that though extremely inconvenient, do increase apparent security, and which cannot be worked around. A big one is the "air gap". Need a separate computer for each network, to prevent information leakage across the boundaries.
Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
I'll tell you what annoys me. Are you ready? Summaries that ask a question, and then answer it. Why is that annoying? I believe this post answers that.
Google and Apple just told the DISA to talk to the integrators. They aren't getting special treatment which makes sense: as big as the DoD is, they are still smaller and more specialized than the general public which the devices were meant to serve.
This is a job for a small, tight-knit development company developing under NDA, i.e. integrator.
They ought just make an app with some serious cryptography. It should be easy enough to just text instead, idk the security level differences, whatever works better though. For test they can change the letter codes (binary/ascii) with random cycling syncable layouts (keys). And I saw something in the book: "Blink" regards just going back to 'word of mouth'... And regards the API, it should already be in their pocket if you ask me. "many hands make the work load light"
GOT ZEN?
FTA: "Providing API access to DOD is the patriotic and morale thing to do, especially since DOD is opening the door to lots of sales opportunities for both companies. "
Yeah, that's a well-written article. I'm convinced.
We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
If you give access or information about APIs, then this information can leak out and be used for the wrong purposes.
The military should buy something that does what they want, not buy a consumer product then try to get the manufacturer to change it for them.
The DOD can take its multi-million dollar contract and go somewhere else. It's not up to the DOD to force companies to make smart business transactions, but if I was a stock holder at Google or Apple I might be a little pissed.
This is going to get even worse for Apple's iPad and other USB free devices. Without a smart card reader, or at least a USB slot to add one, these devices are going to have very limited usability in the DoD as things move forward.
+++ UGUCAUCGUAUUUCU
hey, it's Hosts File Guy! I wondered when you would show up.
The gay ban hasn't been overturned yet.
THL phish sticks
Actually, iPad 2 may very well have a USB port.
Giant colored font batman!
Never say never. Ah!! I did it again!
I just can't see the justification for the government to have and hold proprietary information it has no rights to. If it should some day be determined that some corporate irresponsibility or collaboration in a criminal or treasonous context fell on the shoulders of corporate officers, I'd favor prosecution. But not release of the proprietary information itself. As it is, government information and citizen information in the government's cognizance is considerably compromised by their "security". Only in the context of socialist nationalization (even then it's hard to justify) does this make the slightest bit of sense.
iPhone and Android make money by spying on you. DOD wants to reprogram their OS to make that impossible, and they said no. They won't even let the DOD have a secure version of their OS, because their OS are inherently insecure.
Seriously, how is a disgruntled private supposed to suck down the contents of the DoD document store without a USB port?
"I like systems, their application excepted", George Sand (French)
This is exactly the reason that platforms like OSX and Windows are so secure, and Linux is so riddled with viruses. Can you imagine the problems we would be facing if people actually had access to review and update those operating systems?
Nope. Just bluetooth. They make bluetooth CAC readers.
Perhaps it is politically motivated. Something about two wars comes into mind.
"hey, it's Hosts File Guy! I wondered when you would show up." - by Anonymous Coward on Saturday December 11, @01:47PM (#34524460)
See subject-line... & someone is modding my post on how to use HOSTS files on ANDROID even (very easy to do with ADB).
APK
P.S.=> "Gee, I wonder WHY?" (not): With ISP/BSP's talking about "pay as you use" internet (how much bandwidth you consume in other words) -> http://yro.slashdot.org/story/10/12/08/2012243/FCC-Approving-Pay-As-You-Go-Internet-Plans so they can not only TRACK YOU via cookies & such in adbanners but also charge you more because you are downloading + processing adbanner content, which means YOU CONSUME MORE BANDWIDTH BY DOWNLOADING & RUNNING AD BANNER CONTENT!
(Adbanner content, which mind you, has been shown to bear malware malicious code before no less -> http://apcmag.com/microsoft_apologises_for_serving_malware.htm in the past (& that's not a first either))
Yes - I can pretty much guess it's NOT Google's people down modding me here, but rather ISP/BSP reps + advertisers (or even malware makers), because they are the ones that HATE HOSTS FILES more than anyone does... apk
Apple is flat out ignoring demands such as this and is 100% concentrating on the consumer. They are missing the boat on security requirements of larger corporations and apparently the DoD as well. I think they are missing a huge and somewhat captive market; if they would just do as required they would sell a huge # of phones and iPads. I think they are too focused on selling apps to teenagers. Don't get me wrong, I love my iPhone and iPad, but I must admit I have had to jump through hoops to get them to work for me as office tools.
Maybe the mods love watching you rant? It is fairly entertaining.
You do realise, apk, that Slashdot's moderation system actually prevents providing justification, as any successive post nullifies all moderation to a conversation, right?
Personally, I'd suspect that you were downmodded for being completely off-topic - you're going on about hosts files in a discussion on the DISA not getting access to the Android and iPhone OS security APIs.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
The justification on technical grounds is you have no idea and what you try to pass off as technical insight is demented ignorant rambling.
If you ignore ACs because they are anonymous - you're an idiot.
metrix007 is pissed about this http://yro.slashdot.org/comments.pl?sid=1888084&cid=34462614 where he blundered on hosts files against the person he's trolling now. metrix007 got played, he played himself.
Linux and BSD the OS's under Android and iPhone both have solid security tools. Linux's version was written by the NSA FFS. But once the machine leaves the hands of G&A the 'integrators' have full control over what goes in and what stays out. For Linux the major security enhancements can be turned off with a single switch & kernel recompile.
The only way either company could force the issue is to use legal means and renegotiate their agreements with these 'integrators' AKA 'Phone companies'.
Good luck with that!
See my subject above? It's about you.
If BlackBerry did just that, then they should too, although I do not understand what the big deal is, if the military is reviewing the code in order to see what is going on as to ensure no one is logging the communication flow, but anyways, this is not news, happens all the time when dealing with military, they need to follow protocol, and the rest of us civis don't....no big deal, so they stay with BB and just keep ensuring their platform survives even longer...
apk, really. Let it go, you're not doing yourself any favours. This is exactly the sort of behaviour that gets you downmodded, you know. It's a bit like that twitter fellow.
Stop. Just... stop.
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
Kalriath didn't like the beating he took @ my hands regarding HOSTS files before on /. here, as it's where I got Kalriath to run away from disproving the numerous points I listed in favor of HOSTS files, and where I got Kalriath to ADMIT THE SAME AS MICROSOFT'S OWN MGT. HAD TO VS. MYSELF ON THE SAME POINTS
(Microsoft's own senior mgt. of their "Windows Client Performance Division" in FOREDECKER to admit the same -> That using a smaller file (by using smaller blocking addresses in HOSTS files) will result in BETTER HOSTS FILE PERFORMANCE):
Here http://it.slashdot.org/comments.pl?sid=1687452&cid=32694426
and
Here http://it.slashdot.org/comments.pl?sid=1687452&cid=32632240
(That's what this reaction in my P.S. of his is about, since he's now caught in the fact he likes to "troll" my posts on HOSTS files)
APK
P.S.=>
"apk, really. Let it go, you're not doing yourself any favours." - by Kalriath (849904) on Monday December 13, @03:21PM (#34538324)
You followed me into another HOSTS file post, and you have to "eat it" because you're shown not only trolling me here before on HOSTS files posts I do, but also that you royally "MESSED UP LARGE" on them, having to admit my points are right!
(You, & right along with Microsoft's own people too, also having to admit my points on HOSTS files are indeed, correct!)
---
"Stop. Just... stop." - by Kalriath (849904) on Monday December 13, @03:21PM (#34538324)
Why don't you take your own advice, you're the one that gives yourself this beating by following around my posts on HOSTS and you get disproven on every so called "point" you make and you run in the end (until you do it again that is, like today)...
See the 2 urls above, to anyone else reading, this isn't a "1st" for Kalriath on my posts on HOSTS files, & he did just as poorly here as per his usual! apk
Give the gov their code and expect it spread on the internet the next day. (Yeah, I have a lot of faith in the gov'ment)
Vote monkeys into Congress. They are cheaper and more trustworthy.