Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA Releases Security-Enhanced Android

Posted by timothy on from the but-don't-worry dept.

An anonymous reader writes with the recent news that, in line with its goal to provide secure phones to government employees in various domains, "The NSA has released a set of security enhancements to Android. These appear to be based on SELinux, which was also originally created by the NSA."

4 of 81 comments (clear)

  1. Is it secure from the NSA et al? by TeddyR · · Score: 3, Interesting

    The question is what backdoors have they placed on it. Is it secure from themselves (NSA) and other three letter agencies?

    --

    --
    Time is on my side
    1. Re:Is it secure from the NSA et al? by MagusSlurpy · · Score: 3, Interesting

      Unless the "security through obscurity" is to make the OS more widespread, and so make actual NSA phones less obvious targets. One thousand "sensitive" phones amongst an install base numbering one hundred thousand slashdotters and tinfoil hatters is a good starting point.

      --
      My sister opened a computer store in Hawaii. She sells C shells by the seashore.
  2. Re:Enhancement, from the NSA? by Darkness404 · · Score: 3, Interesting

    You can't be 100% secure, 100% of the time. There will /always/ be a weak link. Be it a backdoor or a security flaw. The goal is to manage your risks. Using security enhanced Android (after about a good month for security researchers to look at the code) is unlikely to introduce any more government-imposed security risks than simply being in the US and its tyrannical laws (PATRIOT Act, CALEA, etc.). Chances are, SEA is going to be more secure than the patched together stock Android system.

    Of course they can hide a backdoor in it. But why bother when they already have nearly unlimited powers due to the PATRIOT act, have many corporations that will bend over backwards for the police state, and laws like CALEA.

    --
    Taxation is legalized theft, no more, no less.
  3. Re:Enhancement, from the NSA? by justforgetme · · Score: 3, Interesting

    while mainly correct, your proposition ignores the fact that in programming you have a lot of plausible deniability in form of the programming mistake. A wrongly placed comparison or wrongly compiled regexp can have huge side effects while looking like little mistypes even a good albeit tired dev would make. Now think that by implanting such a small discrepancy into a big project you could do very many things without being ever detected. Also the side effects of such a behavior are very difficult to follow in a big project making the possibilities of it being forcibly discovered ridiculous since you would have to follow every reroute into oblivion before being sure there are not deliberate side effects.

    --
    -- no sig today