Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple, Google Diss the DoD Over Mobile Security

Posted by Soulskill on from the who-wears-the-pants dept.

Julie188 writes "The Defense Information Systems Agency (DISA) has long supported the use of BlackBerry smartphones for soldiers. It built a system called Go Mobile to provide secure communications, training, and collaboration applications to mobile soldiers. DISA recently decided to add Android and iPhone to the list of approved devices because of high demand from users. Unfortunately, this choice has become a giant pain in the flank. Why? Because both Apple and Google refuse to give DISA access to their security APIs."

8 of 150 comments (clear)

  1. Unpatriotic? by fey000 · · Score: 4, Funny

    Queue the Palin. Might be time for Apple and Google to be hunted down like Al-Qaeda. Is there any room left in the Assange bunker?

  2. Umm something is fishy by JonySuede · · Score: 4, Interesting

    Android is open source, how hard could it be to download the code and look into it to find those elusives security apis ?
    I have rolled custom firmware onto an android device using the instruction on some forums, and it worked great, if a dude with is budgies can do it, why can't they ?

    --
    Jehovah be praised, Oracle was not selected
  3. Access to what? by beakerMeep · · Score: 5, Insightful

    TFA is very light on technical details. What security API are they looking to access? To do what? They have access to AOSP/Linux, and could even cook up custom ROMs if they needed. Is there some cryptographic hardware driver they need or something?

    Also, From the 'article'

    It seems to me that Apple and Google are making self-centered bad decisions here that won't play well with the American public. Clearly, Apple and Google should re-think these myopic and selfish policies

    WTF? Maybe this journalist should re-think his self-centered trite opinion fluff pieces. Oh wait, it's NetworkWorld. Not much chance of that happening I guess.

    --
    meep
    1. Re:Access to what? by UnknowingFool · · Score: 4, Insightful

      One person I spoke with from DOD said that Apple flat out refused to play ball, telling DOD to "talk to our integrators and carriers."

      I don't have any more details than the author but he seems to be making assumptions based on conversations that he wasn't involved with. Maybe the simple fact of the matter is that Apple doesn't have any security APIs that would meet the DoD standards. Frankly Apple has designed their phone for the consumer space; Blackberries are more designed for security. Also it may be that Apple simply doesn't want to share any source code with the government. If they did, someone here on slashdot would espouse some conspiracy theory that Apple was helping the federal government track and mind-control you through your iPhone.

      As for Android, it is open source so the DoD can make their own modifications like the NSA did with SELinux.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
  4. I don't think this is the full picture... by EnglishTim · · Score: 5, Interesting

    Shenanigans! There's got to be more to it than this.

    The entire source for Android is available; what could Google be holding back? It's not as if they manufacture the phones.

    What are these 'Security APIs'? It doesn't make any sense.

    I think it's more likely that the DoD asked for some of Google / Apple's signing keys and the companies rightly refused.

  5. Patriotism? by SuperSlacker64 · · Score: 5, Insightful

    According to the article, practically the only reason given as for why Google and Apple should give access to these APIs is to be patriotic. But as a few other people have pointed out, Google and Apple, though based in the US, are no longer solely US companies. What would this article's opinion have been had Russia or China or some other countries equivalent Department of Defense had asked for access to these APIs I wonder?

  6. Re:Use the souce. by mercury83 · · Score: 5, Interesting
    I know this is Slashdot and all, but still:

    IMO, My device is not "secure" unless I can control the device's OS & inspect the device's hardware. My phone, my router, my PCs, my GPS, all have firmware I've compiled myself.

    This doesn't make it secure. It just means that if someone's made a mistake, or inserted a backdoor, you've missed it. Control != Security -- sometimes it just creates a poor illusion of security. If you don't have control, you have to trust someone to provide security. Depending on who it is and what their experience is, I often prefer to trust.

    Regardless, one of the big issues that I've seen in this area is that although yes, you CAN jailbreak iPhone or install custom firmware on whatever device you want, you want the ability to deploy commercial-off-the-shelf stuff to users in the field with a 10 second install from the app store. They want to leverage the existing distribution network for the product and application distribution for software packages. They want to piggyback off the commercial world with minimal development effort and cost. What you're proposing a better model from a secure perspective, but is massively more expensive.

  7. Re:Use the souce. by VortexCortex · · Score: 5, Informative

    I know this is Slashdot and all, but still:

    IMO, My device is not "secure" unless I can control the device's OS & inspect the device's hardware. My phone, my router, my PCs, my GPS, all have firmware I've compiled myself.

    This doesn't make it secure. It just means that if someone's made a mistake, or inserted a backdoor, you've missed it. Control != Security -- sometimes it just creates a poor illusion of security. If you don't have control, you have to trust someone to provide security.

    I write code. I read code. Yes someone can make a mistake, I can miss the mistake, but I can also fix said mistakes as soon as the mistake is discovered. You can't do that unless you can compile your own OS / Firmware. Faster Fixes == Less Vulnerability Window == More Secure. I'm not arguing that open source makes something secure, but using the source can give you more security than otherwise.

    If you argue that control != security, I will put it to you that the inability to Control = No Provable Security. Thus, Control = infinitely times more secure than uncontrollable. How secure is a device that can auto-update it's firmware without your consent?

    Depending on who it is and what their experience is, I often prefer to trust.

    Let us not forget that I am compiling the same sources that those you "often prefer to trust" are compiling; Except that I am also sure that no additional closed source code has been included in my build.

    Binary_Blob == !Trust;