Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple, Google Diss the DoD Over Mobile Security

Posted by Soulskill on from the who-wears-the-pants dept.

Julie188 writes "The Defense Information Systems Agency (DISA) has long supported the use of BlackBerry smartphones for soldiers. It built a system called Go Mobile to provide secure communications, training, and collaboration applications to mobile soldiers. DISA recently decided to add Android and iPhone to the list of approved devices because of high demand from users. Unfortunately, this choice has become a giant pain in the flank. Why? Because both Apple and Google refuse to give DISA access to their security APIs."

11 of 150 comments (clear)

  1. Use the souce. by VortexCortex · · Score: 2, Insightful

    Want to access the "security" APIs? Use the Source.

    Why not just offer a custom DoD firmware for Android phones?

    Seriously, there's no way for an application to be "secure" if the platform the application runs on is itself untrusted.

    IMO, My device is not "secure" unless I can control the device's OS & inspect the device's hardware. My phone, my router, my PCs, my GPS, all have firmware I've compiled myself. If an average coder like myself can do this, the DoD shouldn't have any problems either.

    Note: Android works on iPhones too, it's still buggy, but the DoD could help with that if they desired, or just use phones that support custom, open source firmware.

    1. Re:Use the souce. by Timmmm · · Score: 2, Insightful

      My phone, my router, my PCs, my GPS, all have firmware I've compiled myself.

      Who modded this insightful?

      Do you even have the source code for your GPS firmware, the baseband in your phone, your PC's BIOS and so on? No. Even if you did, are you seriously saying that you've perfectly audited hundreds of thousands of lines of code?

      Where's the "-1 this is really stupid" option?

    2. Re:Use the souce. by Anonymous Coward · · Score: 3, Insightful

      Sometimes control isn't security, but lack of control is always insecurity. Any solution that results in security will necessarily require control.

      you want the ability to deploy commercial-off-the-shelf stuff to users in the field with a 10 second install from the app store.

      If you need security, then this simply isn't going to be one of your goals. Instead, you're going to want 10 second install from your repository, which consists solely of software that you have audited. As a compromise, it might be software that someone else that you trust has audited, but that'll be someone like Theo deRaadt or maybe (stretching a little, but there are degrees of security) the Debian team. But it sure as hell won't be Apple or Google, because while those parties might be competent, their goals are at cross purposes with yours.

      And it's those cross purposes that this story is really about. Apple doesn't have a "Security API"; they have a "Apple Security API" which is intended to protect Apple's interests, not the interests of the users or the owners.

  2. DoD should not support the Foxconn iPhone by Animats · · Score: 3, Insightful

    The iPhone is made by the Foxconn division of Hon Hai Precision Industry Company Ltd, in Shenzen, China. Apple is just the design and sales firm. That's not a reliable source for secure DoD communications.

    There are still some non-China cell phone manufacturing facilities. DoD needs to look hard at sourcing.

    1. Re:DoD should not support the Foxconn iPhone by frosty_tsm · · Score: 1, Insightful

      I don't see why the DoD can't contract Texas Instruments to make them a custom Android phone entirely in the US.

      Because even the DoD can't afford a seventy-thousand-dollar-each cellular phone with every component made in the USA.

      Heck, considering that you'd have to open new fabs for some of the parts, it'd probably run more like $170,000 each.

      Even with the defense contractor mark-up, 170k is not how much it would cost to make an iPhone or Android in the US. Well, unless the plants were run like a unionized auto-plant...

  3. Access to what? by beakerMeep · · Score: 5, Insightful

    TFA is very light on technical details. What security API are they looking to access? To do what? They have access to AOSP/Linux, and could even cook up custom ROMs if they needed. Is there some cryptographic hardware driver they need or something?

    Also, From the 'article'

    It seems to me that Apple and Google are making self-centered bad decisions here that won't play well with the American public. Clearly, Apple and Google should re-think these myopic and selfish policies

    WTF? Maybe this journalist should re-think his self-centered trite opinion fluff pieces. Oh wait, it's NetworkWorld. Not much chance of that happening I guess.

    --
    meep
    1. Re:Access to what? by UnknowingFool · · Score: 4, Insightful

      One person I spoke with from DOD said that Apple flat out refused to play ball, telling DOD to "talk to our integrators and carriers."

      I don't have any more details than the author but he seems to be making assumptions based on conversations that he wasn't involved with. Maybe the simple fact of the matter is that Apple doesn't have any security APIs that would meet the DoD standards. Frankly Apple has designed their phone for the consumer space; Blackberries are more designed for security. Also it may be that Apple simply doesn't want to share any source code with the government. If they did, someone here on slashdot would espouse some conspiracy theory that Apple was helping the federal government track and mind-control you through your iPhone.

      As for Android, it is open source so the DoD can make their own modifications like the NSA did with SELinux.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    2. Re:Access to what? by russotto · · Score: 3, Insightful

      Apple doesn't have any integrators either, so that conversation makes no sense.

  4. Re:Unpatriotic? by Anonymous Coward · · Score: 1, Insightful

    It's not possible for big $$$ corporation to be unpatriotic.

  5. Patriotism? by SuperSlacker64 · · Score: 5, Insightful

    According to the article, practically the only reason given as for why Google and Apple should give access to these APIs is to be patriotic. But as a few other people have pointed out, Google and Apple, though based in the US, are no longer solely US companies. What would this article's opinion have been had Russia or China or some other countries equivalent Department of Defense had asked for access to these APIs I wonder?

  6. Re:Unpatriotic? by Anonymous Coward · · Score: 2, Insightful

    For my more serious contribution to this discussion...

    So which do you think offers more security?

    Oh dear.

    As well as the app review process the iPhone does prompt when an app wants to first use location services, notification, push services, etc. and then allows you to manage and subsequently revoke those permissions. The apps are also sandboxed.
    I am not in a position to comment on any of the Android flavours or BlackBerry security, so I won't.