Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple, Google Diss the DoD Over Mobile Security

Posted by Soulskill on from the who-wears-the-pants dept.

Julie188 writes "The Defense Information Systems Agency (DISA) has long supported the use of BlackBerry smartphones for soldiers. It built a system called Go Mobile to provide secure communications, training, and collaboration applications to mobile soldiers. DISA recently decided to add Android and iPhone to the list of approved devices because of high demand from users. Unfortunately, this choice has become a giant pain in the flank. Why? Because both Apple and Google refuse to give DISA access to their security APIs."

6 of 150 comments (clear)

  1. DoD should not support the Foxconn iPhone by Animats · · Score: 3, Insightful

    The iPhone is made by the Foxconn division of Hon Hai Precision Industry Company Ltd, in Shenzen, China. Apple is just the design and sales firm. That's not a reliable source for secure DoD communications.

    There are still some non-China cell phone manufacturing facilities. DoD needs to look hard at sourcing.

  2. Access to what? by beakerMeep · · Score: 5, Insightful

    TFA is very light on technical details. What security API are they looking to access? To do what? They have access to AOSP/Linux, and could even cook up custom ROMs if they needed. Is there some cryptographic hardware driver they need or something?

    Also, From the 'article'

    It seems to me that Apple and Google are making self-centered bad decisions here that won't play well with the American public. Clearly, Apple and Google should re-think these myopic and selfish policies

    WTF? Maybe this journalist should re-think his self-centered trite opinion fluff pieces. Oh wait, it's NetworkWorld. Not much chance of that happening I guess.

    --
    meep
    1. Re:Access to what? by UnknowingFool · · Score: 4, Insightful

      One person I spoke with from DOD said that Apple flat out refused to play ball, telling DOD to "talk to our integrators and carriers."

      I don't have any more details than the author but he seems to be making assumptions based on conversations that he wasn't involved with. Maybe the simple fact of the matter is that Apple doesn't have any security APIs that would meet the DoD standards. Frankly Apple has designed their phone for the consumer space; Blackberries are more designed for security. Also it may be that Apple simply doesn't want to share any source code with the government. If they did, someone here on slashdot would espouse some conspiracy theory that Apple was helping the federal government track and mind-control you through your iPhone.

      As for Android, it is open source so the DoD can make their own modifications like the NSA did with SELinux.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    2. Re:Access to what? by russotto · · Score: 3, Insightful

      Apple doesn't have any integrators either, so that conversation makes no sense.

  3. Patriotism? by SuperSlacker64 · · Score: 5, Insightful

    According to the article, practically the only reason given as for why Google and Apple should give access to these APIs is to be patriotic. But as a few other people have pointed out, Google and Apple, though based in the US, are no longer solely US companies. What would this article's opinion have been had Russia or China or some other countries equivalent Department of Defense had asked for access to these APIs I wonder?

  4. Re:Use the souce. by Anonymous Coward · · Score: 3, Insightful

    Sometimes control isn't security, but lack of control is always insecurity. Any solution that results in security will necessarily require control.

    you want the ability to deploy commercial-off-the-shelf stuff to users in the field with a 10 second install from the app store.

    If you need security, then this simply isn't going to be one of your goals. Instead, you're going to want 10 second install from your repository, which consists solely of software that you have audited. As a compromise, it might be software that someone else that you trust has audited, but that'll be someone like Theo deRaadt or maybe (stretching a little, but there are degrees of security) the Debian team. But it sure as hell won't be Apple or Google, because while those parties might be competent, their goals are at cross purposes with yours.

    And it's those cross purposes that this story is really about. Apple doesn't have a "Security API"; they have a "Apple Security API" which is intended to protect Apple's interests, not the interests of the users or the owners.