Slashdot Mirror
Ask Slashdot: Equipping a Company With Secure Android Phones?
An anonymous reader writes "I'm in charge of getting some phones for my company to give to our mobile reps. Security is a major consideration for us, so I'm looking for the most secure off-the-shelf solution for this. I'd like to encrypt all data on the phone and use encryption for texting and phone calls. There are a number of apps in the android market that claim to do this, but how can I trust them? For example, I tested one, but it requires a lot of permissions such as internet access; how do I know it is not actually some kind of backdoor? I know that Boeing is producing a secure phone, which is no doubt good — but probably too expensive for us. I was thinking of maybe installing Cyanogenmod onto something, using a permissions management app to try and lock down some backdoors and searching out a trustworthy text and phone encryption app. Any good ideas out there?"
And blackberry messenger is too.
To clarify on the blackberry messenger encryption: It's encrypted by default with a global key (hardly useful) but pin to pin communications can be encrypted using an organizational key, if you subscribe to a S/MIME package.
I'd like to know how to configure a kludge of shit (using all FOSS, of course) for my enterprise environment. I want everything under the sun plus the kitchen sink.
Also, I'm going to be paranoid and reject anything you propose. After all, I can't be sure that anything I buy doesn't have a backdoor that the government or extra terrestrials could use to snoop on the uber secrets at my company.
We have one in works. Email to me df.inbox at gmail.com for details.
I would recommend developing your own system. If you are dealing with highly sensitive information, you want to make sure that it is fully secure. There are plenty of independent security contractors out there to develop something for you if you do not have the skill set to make it yourself within your company. Custom ROM, kernel, and various modifications to it should do it for you.
Yes, use an iPhone ! Let the flames begin...
Why android? is there an app you need or something? or is it a latest bling thing?
Because Blackberry does the encrypted thing, and if you buy BES you can also set device policies and centrally administer the devices (remote wipe for example).
Timothy, You should take a look at Good for Enterprise www.good.com Best, jmarka
While trolling around my Galaxy Nexus I found the ability to encrypt it (not using it though). At the least that should protect data on the phone, surely you can find more details about that feature on the intertubes.
Calls are already "secure" to a point but if you need even more security then perhaps Skype?
text ... I'll leave that to others
If you can't be good, be good at it!
my brief foray with android showed me that pretty much every app wants access to everything on the phone, including phone-home capability.
You basically described the RIM/Blackberry use case; why not use them? The Bold 9900 is actually a nice phone.
K Man
Unfortunately I am of the opinion that Android is NOT the platform for this (I use Android for my personal phone). It doesn't support it and as you see you need to use third-party applications to even make it work. Even if you could trust those third-parties, now how do you push updates to your reps? The answer is you don't. There are just too many hoops to jump through for a business where security is a "major consideration." I'd recommend Blackberry but it seems RIM could be going under any day. iOS is probably a better choice because it supports FDE out of the box. Though, in all honesty, if security is a major consideration, the real answer is that your reps should ONLY be using feature phones rather than smartphones.
... Blackberry. Aside from encrypting phone calls themselves, everything you're asking to do is something even a basic Curve will do out of the box - encrypting the phone storage and SD card, requiring a password to install apps. And that's without using any enterprise tools to manage the devices and security policies across the board, remotely.
Android 4.0 has full device encryption.
Get a Nexus. However, nothing is secure once someone has their hands on it (insert obligatory XKCD encryption link.) At least F-Secure Mobile Security reduces the attack surface before it's stolen and allows you to remote-wipe after it has been stolen. I don't work for F-Secure BTW!
Pretty much sounds like you need a blackberry. Only they offer what you describe.
Trouble is, blackberry phones are crap, BES is crap, the blackberry network is crap, and the blackberry company (RIM) is circling the drain.
Turns out the infrastructure you need for your idea of a "secure" phone is more trouble than it's worth. Most companies have come to the realization that security is in fact a social and policy issue and much less a technological one. Just get good quality bog standard smart phones and create a policy that minimizes risk.
That said, iphones are officially supported activesync devices and will respect activesync security policies set by an exchange server. You can remote wipe them. (Funny thing - Winphone7's activesync support is provisional and not recommended for an enterprise environment - Microsoft's words!)
there's nothing you can do to a phone that a savvy user can't also do (or undo).
And if you are a phone manufacturer, (A) it's easy to more-or-less do what you're saying, and (B) there will still be people to can find work-arounds to break out of the lockdown.
The only reason I mention this is that Android has an energetic modding community, in spite of platform security built into some of these. (Locked bootloaders, S-ON partitions, etc.)
Just using your "for example" as an example... if you can put flash Cyanogenmod onto the phone, your users can flash a completely different ROM and defeat a lot of the things you want to do. The tools you would use are available to anyone, and if you try to deny your users root (for instance), there are plenty of root exploits available to break that jail.
In general, I think smartphones are too much general-purpose computers to really secure in the static way you're thinking about.
As to the (perhaps more weighty) matters like all-storage encryption, I have never seen a good answer. Anything you could install as an app would probably be too shallow (i.e., not effective before booting). In fact, I don't know if the standard Android Linux kernels are amenable to that; you'd need a custom bootloader or 2nd stage, and I haven't seen those specifically tailored for storage decryption.
I dunno. Sounds like you have a challenge ahead of you.
Welcome to the Panopticon. Used to be a prison, now it's your home.
I know that Boeing is producing a secure phone, which is no doubt good — but probably too expensive for us
If a secure, off the shelf phone is too expensive for you, you probably don't have the resources to build a secure phone yourself. Even the experts have trouble getting security right, an amateur will unknowingly leave big gaping holes.
That said, Android ICS will do full filesystem encryption, make sure you use a secure passphrase and not a 4 digit PIN. Use SSL to talk to your email server to keep that traffic from being snooped. Don't use SMS's.
Do you really need to encrypt your phone calls? Stick with a CDMA provider (supposedly it's trivial to hack GSM, but I believe CDMA is still relatively safe) and your calls are safe from all but the most determined (and well funded) eavesdropper. Unless you're worried about the US Government doing the eavesdropping, they'll just tap the call on the Telco side, so you need end-to-end encryption to protect against that.
Skype reportedly encrypts skype-to-skype calls.
But really, unless you're doing top-secret government work, your phone is the least of your worries. If the information is valuable, it's much easier to pay an employee to leak it than to steal your phone and hope to find the data stored on the phone. And if you are doing top-secret government work, a home-brew solution isn't going to meet the federal standards you'll be required to meet.
Get BlackBerry. Android is the wrong choice for your requirements.
My company just released Raptcha which converts messages into captcha images to be sent via mms, email or however, thus bypassing keyword filters and traps.
http://www.google.com/m?hl=en&gl=us&client=ms-android-huawei&source=android-browser-type&q=google+play+raptcha
Just a question, but why Android?
If you indeed NEED the security (I do for work, which is why I have a BlackBerry) why not just go the tried and true route of BlackBerry? Security is built in, everything except SMS (to my knowledge) can be encrypted, and you don't have to worry about updates from a 3rd party firmware (CM) breaking your apps or security model.
Other things I LOVE about my BlackBerry...
This is a sincere question. I carry two devices (BB 9900 for work, and a CM9 rom'd SGS2 for my personal phone) and I personally cannot stand the exchange email client on Android, it just seems slow and clunky, and CM9 helped a little bit, but not much. Use the right tool for the job, instead of trying to shoehorn a tool into the job you want it to do.
I wish I was a neutron bomb, for once I could go off...
I would also say Blackberry, others have covered that angle well though...
But why are you not considering an iPhone? Storage on the device is hardware encrypted, and can be wiped remotely. You cannot have people using un-secured SD cards with it.
There's nothing you can do to secure SMS since that's a carrier level thing, but you can use any number of secured messaging applications.
But really the biggest red flag I see is - you claim to be worried about security but then are trying to base a solution on the single most vulnerable platform for malware attacks. How can you responsibly suggest that for enterprise use?
I would also recommend WP7 but I just don't know enough about the features it offers to be sure about securing the device.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
You spec could honestly be stronger.
What threats do you want to secure against? What scenarios do you want to avoid? Do you want to ensure against virus protection? Lost devices? (e.g. oh noes! our client list is on wikileaks!) Locking down data?
For bonus points, what are the top three things your "reps" need to do?
Just make calls? Or do texting? Or access web mail? Or...?
And how many "reps" are there today? How many will there be next year?
And what is your logistics model? Everybody at the same physical workplace? Distributed "virtual" office? Different countries? Different languages?
Does your phone need to integrate with any of your workflow software?
Try writing up five or six hundred words on the above to enhance your question - I'm sure you'll get some useful advice if you do that.
I'm surprised I'm the only one suggesting this: Android Management
Phone calls are already encrypted. Text messages stored on the phone will be encrypted if the phone's system storage is also encrypted. Data traffic can be encrypted by forcing the use of VPN back to the company's local network (and as such, web filtering, etc. also applied).
If it's off-the-shelf it's not secure. You can't know that the chip factory isn't compromised, unless you inspect it
By the same logic, no product that you did not develop, including designing the CPU and any other chips, and fabricate yourself, down to the last individual resistor and diode, is secure. Which is patently absurd, since by this logic, any sort of secure device would be nigh-unaffordable, since you'd need to set up the entire fabrication chain to build just one prototype, requiring an absurd amount of capital.
A notion highlighted by the recent story on how Chinese-fabbed US military chips apparently contain a backdoor on the hardware.
Hyperbole: I use it liberally!
This is the first question you need to answer, most likely the answer is the latter.
I haven't thought of anything clever to put here, but then again most of you haven't either.
There is a... um, little known company, don't know if you ever heard of it, called Research in Motion, that has been making security on their smartphones their main priority SINCE 1999.
I was thinking of maybe installing Cyanogenmod onto something, using a permissions management app to try and lock down some backdoors and searching out a trustworthy text and phone encryption app. Any good ideas out there?
Custom-rolled solutions like this are a bad idea, and from a practical standpoint will likely result in less security going forward. Do you just have too much free time on your hands?
This is a problem that's largely been solved.
#DeleteChrome
use encryption for texting and phone calls.
I can't recommend or not recommend but http://www.koolspan.com/ offers a product to do this. Otherwise Nokia has been doing it for 8 years though with Symbian not Android.
How do you know anything?
And just a heads up, your company and it's information isn't nearly as important as you think it is and probably doesn't necessitate the need for any of this.
I take it you haven't read On Trusting Trust?
If it's off-the-shelf it's not secure. You can't know that the chip factory isn't compromised, unless you inspect it
By the same logic, no product that you did not develop, including designing the CPU and any other chips, and fabricate yourself, down to the last individual resistor and diode, is secure. Which is patently absurd, since by this logic, any sort of secure device would be nigh-unaffordable, since you'd need to set up the entire fabrication chain to build just one prototype, requiring an absurd amount of capital.
A notion highlighted by the recent story on how Chinese-fabbed US military chips apparently contain a backdoor on the hardware.
Absurd as it may be, it's true.
Well, maybe you can trust the resistors, but if you really have secret data to protect, you really can't trust even a CPU to be secure - there's no telling what's hidden in the microcode or what backdoors a software or hardware manufacturer has built in to the product "just for maintenance and testing purposes" (or at a government's request).
How about Enterproid's Divide App It basically carves out an "Enterprise" section to an individuals phone. Space is encrypted and you can enforce Exchange mobile security policy. In function, when you log into the app it looks like a whole new Android Launcher with secure apps for phone, calendar, email, sms, etc. Give it shot. J
The combination of Blackberry and BES is the correct choice if you want a secure enterprise solution. With a BES server you have complete control over the phones. Policies allow logging of everything that the phone does, including if you want all incoming and outgoing text messages, push and pull apps and calling restrictions.
The difference between consumer and enterprise blackberry is that the BES server has a secure key that you create and is unknown to blackberry, bis is controlled by blackberry and is snoopable by governments.
I've found that the battery life is better on a blackberry, but the browser isnt the greatest, but has improved in the newest models. Another thing to keep in mind is the battery is field swappable, so if the battery wears out, YOU can switch it out, or carry a spare.
Blackberry made the mistake of getting into consumer phones, but for enterprise situations, blackberry is the best way to go.
"Every security scheme that is based on secrets eventually fails." - Steve Jobs
You can choose from any number of Mobile Device Management solutions, most of which consist of keeping the business stuff in its own encrypted area separate from the personal stuff. These solutions are especially in BYOD (bring your own device) situations which are increasingly the norm as users either want to carry a single device or prefer their device to whatever the organization provides (typically Blackberry). RIM's MDM solution, and others have the ability to manage iOS, Android, Blackberry OS and other mobile environments. You get features like remote wipe, jailbreak detection etc. At work, we are migrating away from Blackberry at work to iOS (at least at first) and will likely include Android devices, as well as BYOD. It will mean a significant savings in support costs in the long run. If I can remember the name of the MDM solution we selected, I will post it here. Also, even if you don't like (or don't choose) Good's MDM solution, their website has a lot of good background information and white papers.
To clarify on the blackberry messenger encryption: It's encrypted by default with a global key (hardly useful) but pin to pin communications can be encrypted using an organizational key, if you subscribe to a S/MIME package.
Not quite. Blackberry messenger by default does use a global key (and the key is known by many in the security community), but blackberry messenger is also encrypted with 3DES, which is a bit weak. With a million dollars of computers, 3DES can be brute-forced reasonably quickly.
By comparison, blackberry email is encrypted with AES.
If your company has a blackberry enterprise server, you can set your own key for blackberry messenger, you don't need the S/MIME package (fyi, S/MIME is free).
You are correct that pin to pin communications can be encrypted using S/MIME.
You can also get a PGP module for blackberry, but you have to pay for that.
Its not patently absurd. You are basically saying 'trust is hard, so we shouldnt try"
Good-bye
You'll definitely want to investigate an MDM solution to help manage this deployment from a device/user management, security and incident response perspective. Having said that, I know Samsung (Samsung SAFE), Motorola, 3LM (middleware) and HTC (HTC Pro - not the same as HTC * Pro devices) all have proprietary MDM frameworks added onto Android in specific phones. These will let you control things like encryption a bit better than Android out of the box. I can't answer to encrypted text messages or phone calls though. Without coming off as a shill, I'd recommend investigating solutions from Good Technologies, AirWatch, and MaaS360. Those products meet different needs, but they all do what they do very well.
Your use case and focus on security really suggests that BlackBerry would be the best bet, but if you are focused on finding a way to securely deploy Android devices, but still maintain some security, take a look at the BlackBerry Universal Device Service product as an MDM solution:
Feature Checklist: http://ca.blackberry.com/content/dam/blackBerry/pdf/brochure/northAmerica/english/BlackBerryMobileFusion,UniversalDeviceServiceFeatureChecklist-1.pdf
Details: http://us.blackberry.com/business/software/mobilefusion/
Docs: http://docs.blackberry.com/en/admin/subcategories/?userType=2&category=Universal+Device+Service
BlackBerry Mobile Fusion Client for Android: https://play.google.com/store/apps/details?id=com.rim.mobilefusion.client&hl=en
You can deploy policies to enforce media card encryption, not sure about the call/SMS logs or encrypting the rest of the file system. That's probably something that would have to be baked into the OS - if you have to do it via a mod or rooting the device, you potentially open yourself up to more vulnerabilities.
The UDS product can detect if a device is jailbroken or rooted, and you can set rules to lock out access to internal resources. You can also do remote device lock/wipe, so that gets you halfway there.
SAP recently bought Sybase, which made the Afaria platform. This will actually let you set policies across phone types (BB, Android, and iOS) such as device encryption, application restriction, remote wipe, etc. Cross-platform solutions like this are attempting to enable the "Bring Your Own Device" methodology to the workplace. Many of the posts above are very true, though, especially when it comes to Android flavors. It's been noted that the Samsung phones seem to have the most robust encryption, etc. Now the rub. This tends to be a very expensive solution, and therefore limited to larger Enterprises, so tread lightly and research it (as you should do with any MDM app) before jumping in. Linkage: http://www.sap.com/solutions/technology/enterprise-mobility/management-afaria.epx Not sure if this helps, but something to look at.
Virtually all the malware (and there is some drive by stuff happening) attacks people with rooted phones, so installing even a secure "ROM" is probably the worst thing you can do for security. By looking for software that has gone through the common criteria (assuming that still exists or another similar certification process) you will have some reassurances that it was designed in a secure manner. I would also look for something using other government standards, like FIPS 140-2.
You should check out GOOD for mobile devices. It will create an encrypted sandbox for any corporate data/applications and works on a variety of phones. It also comes with some decent enterprise tools. The drawback is it requires changes to some 'user' plans and that creates headaches if you allow personal devices on corporate networks.
The Motorola (Droid) Pro+ has a number of enterprise level additions to it, focusing on security in a business environment. Including encryption, remote wiping, and "dead zones" to disable features like the camera, etc. in certain areas. And it's got a querty keypad (candbar design, not a slider) Check it out!
Without full disclosure on the OS, the source, and hardware you can't guarantee its secure.
I am guessing here, but it seems to me cell phones are designed from the ground up to be insecure.
"If any question why we died, Tell them because our fathers lied."
Unavailable and has been for months. Pure vaporware at this point.
Learning HOW to think is more important than learning WHAT to think.
Buying into the "Walled garden == Security" philosophy doesn't cut it because you have no way to VERIFY things haven't been tampered with. You just "believe" they haven't been. Unless you jail break/root you can't be sure because you have no access. That makes it just as un-trustworthy as a trac-fone you found in the gutter. You might as well just use cyanogen, root it, get an sha1sum of everything on the device and have a way to track changes. Feeding Apple all your $$ while drinking all their "walled garden koolaid" is just going to get the industry another monopoly
Join the Slashcott! Feb 10 thru Feb 17!
Enterproid http://www.divide.com/ mobile device management is a service that costs $60/device/year that creates a secured remotely wipe-able sandbox on Android. They also submitted their app to the Apple store so it should be appearing soon for iPhone's.
FYI, they are working with Fixmo to be Common Access Card compliant for NSA standards...
[RIAA] says its concern is artists. That's true, in just the sense that a cattle rancher is concerned about its cattle.
There isn't much real security provided by closed source encryption products. If they've no intentional backdoors, you still face the company concealing their mistakes to save face, which costs you security.
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
Another drawback is the quality of the product. To put it politely, it is less-than-Good.
If you stop someone in the street and ask 'How do i get to the post office', would you be happy the following answers?
1) "Nah you dont want to go to the post office, its UPS you want. To get to UPS you should go..."
2) "Its 11am? what sort of idiot goes to the post office at 11am? the queues will be terrible, you should just go home."
3) "There are many ways to go the postoffice, i cant tell you which if you dont give me the exact critiera by which you can judge the best route. Is it fastest? shortest? most scenic? safest? does it need to be wheelchair friendly?"
4) "You should just use email! you fool!"
No? then dont ask slashdot...
Reading posts you can generally tell what product each poster owns. Point for point the Blackberries match up with the requirements. Despite personal biases they have the goods and plenty of market experience doing so.
Put another way you're asking for a bread slicer. Instead of buying the industry standard machine that slices bread you have all sorts of proposals for trying to make ninja swords do the job instead. Hey, the sword will be a lot more flashy. At the end of the day security and business focus the only real bread slicer available is the blackberry. This has been their focus from day one. Not entertainment, not the latest greatest games, plain simple secure business apps. Ask the majority of law firms, accounting firms, security firms, police forces, military and government users. Alas, they are not using android or i-ninja-swords to slice the bread. Plain simple non-nonsense BES and Blackberries.
http://www.whispersys.com/
This may or may not be what you're looking for... not all of their offerings appear to be open source.
Both you and the poster above are kinda screwey in terms of thinking.
First of all... while implementing security code in VHDL or Verilog is possible and has been done, the CPU is just not a big risk in this case. You can use a CPU from a company you're sure is fishy and so long as the software above it is written properly, it should make no difference. It's not really even a matter of cost. Encryption is a software feature... security in general is software oriented. In a system such as Android where the processor itself doesn't even run the executable code but instead runs code JITed for the processor, it's even less relevant. I can write 10 pages on this to prove my point, but it's a waste of time.
On the other hand, there's nothing that says that a second microcontroller couldn't be hidden in the phone which runs a second network session in the background. Still, there is too much dependence on software and things like keys and such that would make it impossible for this to be an issue if the software is written properly.
It would just be stupid to waste time developing a malicious CPU if you can just install what you want on the phone itself as software.
The new BB based on QNX is not tested for security yet. Yes... they did internal testing and all that and QNX has a history for being secure for the most part, but with several million new lines of code to compose the full rewrite of black berry's software, there's no possible way they could have tested that phone for any reasonable level of security in that time.
Also please keep in mind that QNX develops their own TCP/IP stack which I personally have used for about 20 years. And after having access to the OS source (and having worked closely with QNX on software projects for years) I don't feel confident that their stack is as secure as they say it is. Remember that QNX is one of the hardest operating systems on the planet to perform system level debugging on. This makes it very hard to properly audit the stack. It is however a user-mode stack which means there's less chances of kernel level "root kits".
Also, the phone is based on Java which is not very hard to hack... a simple "friendly" app can easily replace the JAVA class loader and pretty much run key loggers and such without a problem.
The only thing which appears to make BB secure is their advertising. They tell us all how secure they are and we feel secure with them. Without a proper code audit, I wouldn't ever consider them secure.
Pre-QNX BB was pretty secure... but with the whole rewrite, there is absolutely no possible way a device with that much code changed and that little use so far can be secure. I justify it above.
He might end up with Blackberry based on QNX which is not the secure BlackBerry which the NSA and those guys cleared for Bama.
Blackberry on QNX is a thoroughly untested system based on a nearly full rewrite of the operating system which we all know suffered from severe rush to market syndrome. Meaning that there is no possible way a product which is almost certainly a million lines of code or more has been thoroughly tested for security. I mention in previous comments that QNX runs an in-house TCP/IP stack which almost certainly is exploitable. It runs in a separate process from the kernel, but it's still not the IP stacks used by millions and tested by every security lab on earth. The way you know for sure that it's got holes in it is that no one has reported holes on it. What this means is, no one has put it to the test yet. Or we could be expected to simply believe that QNX wrote every line of code perfect and they never had a bug... ever.
I've worked with QNX (with them directly on project with many many developers on their side as well as mine) and learned that QNX, just like other companies is not perfect. The only reason why they're secure is that we don't know what the holes are yet.
Let's not forget the Java platform which really does make it wonderfully hackable. Java provides so many possible ways to install rootkits and trojans that unless they found a way to run each app in a separate process, it's hopeless.
So... if people want to steer the reader well... they should recommend the old Blackberry stuff... it'll be years before we can consider this to be secure.
I am a system level developer who has implemented encryption technologies used in top-secret environments. Also I have worked on mobile device development at a system level for many years. I can't detail my credentials, but for as much as anyone else on Slashdot can be considered reliable, ... well you take it from there.
... and often did.
1) So far as I know, the only "smart phone" OS which has been "properly audited" was the specific versions of BlackBerry OS which is used by Obama. This does not include all versions of Blackberry OS... only the versions which have been specifically audited and approved for use on his phone. This does not mean that the OS is secure, the NSA audit on the code was performed too quickly for my tastes. It just means that the majority of "obvious holes" are not present. This completely rules out the newer QNX based OS for Blackberry since there is absolutely no possible way that much code could be properly audited in the time which it has been available. On top of that code audits are only a small part of what you need to do to secure a few million lines of code which is heavily communication oriented. Of course, running a simply security auditor on the OS helps as well, but I wouldn't bank on that either. An OS needs years of testing at a single revision before it can be truly solid.
2) Android may or may not be secure. It's extremely unlikely. If however you want Android and can't live without it, make sure to use only OS images which are hash check verified (MD5, SHA...) from Google directly. If the phone can't run the stock OS, DON'T USE IT! The reason for this is that the OEMs often update and modify code before putting it on the phones. They are feature oriented, not security oriented. Google Nexus would be a decent choice for this.
3) Don't even consider Windows, Symbian or iOS based phones. iOS is the safest of those three, but lacks pretty much all the features you're interested in. So far as I know, Apple doesn't even care about a "trusted platform" as the cost of maintaining a trusted platform is WAY TOO HIGH and would never yield the profits Apple demands from products. Windows and Symbian just aren't about trusted in the first place and the serious short comings in the Symbian "Development process" make it far too susceptible to being able to be hacked. Without decent development tools and kernel level debugging (which Symbian simply lacks for the most part) it's not possible to harden an OS. Also since Symbian never made use of things like "Test driven development", any change in one place could wreck 100 things elsewhere
4) Never EVER allow users to install apps... ESPECIALLY ON A JAVA PHONE meaning Blackberry or Android. This is because Java is insanely easy to hack. Yes, I know Oracle and Sun say otherwise... but I recall Yugo also calling their cars safe. Voluntarily installing an app which replaces the class loader on the system is enough to hack the entire thing. There are hundreds of other ways to hack Java which is obvious to me an others that can be exploited with a simple malicious chunk of code in an app. Also, since Java based platforms don't generally allow sandboxing, the apps all kind of have access to override system resources and interfere with each other.
While I personally despise Blackberry having tried it a few times and felt like I was using junk, if you must have these features, you should use their hardened and audited system.
Android 4 (for example on Galaxy Nexus) has encryption built-in.
http://support.google.com/ics/nexus/bin/answer.py?hl=en&answer=1663755
Pick two.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
Check it out
http://www.nsa.gov/ia/programs/mobility_program/index.shtml
http://fastest-android-phone.blogspot.com/2012/03/nsa-built-android-phone-for-secret.html
Worth watching what NSA is doing.
http://www.informationweek.com/news/government/mobile/232600238
If that's the one about the possible compromise of the GCC compiler, I did. And it mirrors my point perfectly: you can't be sure there's no backdoor, unless you make it yourself from the ground up, and if that's not possible, just trust the chain.
Hyperbole: I use it liberally!
The way the "common criteria" are defined, you need to be an accountant or a logician to figure out just what feature set they claim a high security on. I usually wasl "would it meet B2?" If they can't answer, it won't (;-))
--dave (and yes, on good days I am a logician) c-b
B2, from the Orange Book, is an old military standard, approximately what SELinux meets. C means crappy, and there were a very few people who got an A
davecb@spamcop.net