Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple, Google Diss the DoD Over Mobile Security

Posted by Soulskill on from the who-wears-the-pants dept.

Julie188 writes "The Defense Information Systems Agency (DISA) has long supported the use of BlackBerry smartphones for soldiers. It built a system called Go Mobile to provide secure communications, training, and collaboration applications to mobile soldiers. DISA recently decided to add Android and iPhone to the list of approved devices because of high demand from users. Unfortunately, this choice has become a giant pain in the flank. Why? Because both Apple and Google refuse to give DISA access to their security APIs."

2 of 150 comments (clear)

  1. Re:Umm something is fishy by JonySuede · · Score: 3, Informative

    first google link for budgies:
    http://www.freewebs.com/budgierisa/appearance.htm

    --
    Jehovah be praised, Oracle was not selected
  2. Re:Use the souce. by VortexCortex · · Score: 5, Informative

    I know this is Slashdot and all, but still:

    IMO, My device is not "secure" unless I can control the device's OS & inspect the device's hardware. My phone, my router, my PCs, my GPS, all have firmware I've compiled myself.

    This doesn't make it secure. It just means that if someone's made a mistake, or inserted a backdoor, you've missed it. Control != Security -- sometimes it just creates a poor illusion of security. If you don't have control, you have to trust someone to provide security.

    I write code. I read code. Yes someone can make a mistake, I can miss the mistake, but I can also fix said mistakes as soon as the mistake is discovered. You can't do that unless you can compile your own OS / Firmware. Faster Fixes == Less Vulnerability Window == More Secure. I'm not arguing that open source makes something secure, but using the source can give you more security than otherwise.

    If you argue that control != security, I will put it to you that the inability to Control = No Provable Security. Thus, Control = infinitely times more secure than uncontrollable. How secure is a device that can auto-update it's firmware without your consent?

    Depending on who it is and what their experience is, I often prefer to trust.

    Let us not forget that I am compiling the same sources that those you "often prefer to trust" are compiling; Except that I am also sure that no additional closed source code has been included in my build.

    Binary_Blob == !Trust;