The Pentagon Approves Android; iOS Still in Testing
A new version of the Security Technical Implementation Guide released by the Pentagon green-lights the limited use of Android to access computer networks operated by the Department of Defense (DoD).
Only Dell's version of Android 2.2 was approved. However, Dell currently sells only one Android 2.2 phone, the Venue, and DoD Android workphones won't be able to access Android Market and classified information can only be accessed via a DoD proxy server.
Meanwhile, iOS is not released for official use through iPhone or iPad devices. According to the Security Technical Implementation Guide, iOS is only approved for testing purposes, but for DoD-wide use. There was no information when iOS and additional Android versions might get the Pentagon's approval, but it is unlikely that Android, due to its considerable fragmentation, will ever get a general authorization for official use.
- Former MS VP Speculates on Windows Phone's Slow Adoption
- This Japanese Vending Machine Dishes Out Free Wi-Fi
- China Unveils New 500 km/h High-Speed Train
- JXD Releases 7-inch Tablet With Gaming Controls
- Threat Predictions 2012: Advertisers will Become Spammers
- AT&T Completes $1.9B Purchase of 700 MHz LTE Spectrum
- More Apple iTV Supplier Rumors Surface
- Company Sues Former Employee for Taking Twitter Followers
- GameStop: iOS Trade-ins Have "Exceeded Expectations"
- Amazon: It Was The Best Holiday Season Ever for Kindle
- Report: Apple Revealing Two iPad 3 Tablets in January
- LG Revealing 84" 3D UDTV at CES 2012
- PS Vita Sales Plummet After First Week on Market
- Rumor: Nintendo Building Apple-Like App Store for Wii U
- Headphone Concept Puts Turntables On Your Ears
- Rumor: HP Wanted $1.2B For webOS, Didn't Get It
- Android Sees 3.7M Activations Over Christmas
- Apple Patent Reveals Face Detection for iOS
- Tablets, Ereaders Signaling the End of Physical Books?
... bad idea...
iOS not approved? I guess they're afraid of someone blabbing out all the secret info to Siri
They only approved Android so that they can keep tabs on the device with carrier IQ.
Why does DjEazy keep trolling?
I guess if iOS was approved it'd be too mainstream
reason's why Ios and android will not be approved dod sources. Open source is the reason. Too many high risk security features in both of the applications.
Why are they even bothering with either, RIM is built JUST FOR THIS. Why fix what isn't broke? I mean, i like android and Apple (i have a 7' Sprint Evo View 4g with Honeycomb and an iPhone) but come on, the blackberry is super secure. Shoot, the DoD should have worked with HP for the Palm just for DoD
I'm amazed the DoD have decided that android (well, one company's implementation of it) is secure enough.
Any mobile OS that allows sideloading of non-approved/examined apps shouldn't even be considered for accessing potentially sensitive information.
reason's why Ios and android will not be approved dod sources. Open source is the reason. Too many high risk security features in both of the applications.
For starters, what open source about iOS?
Secondly why does being open source make it automatically less secure?
For starters, what open source about iOS?Secondly why does being open source make it automatically less secure?
Because open source is evil that's why!
Surely this will change everything. encrypted secure vm in android.
http://downloadsquad.switched.com/ [...] alization/
For starters, what open source about iOS?Secondly why does being open source make it automatically less secure?
Because by definition the source code is out there for everyone to see.
That's like asking "Gee, I wonder why our new stealth fighter isn't so good when we published the blueprints for all to see". Giving source code out is like giving a road map to make things easier to get into. Open source has it's place, but around sensitive information is not that place.
Yup, the military is choosing android over iOS im certain because they can compile a secure kernel. Android versions may be fragmented but they can customize the OS. Both OS's are unix based but, iOS is way too proprietary, that's apples biggest gov't adoption problem. Military started testing iOS back in 2008 but it still hasn't passed approval stage yet. They started testing android a year later and it is approved.
@Wildkitten - the flip side of that is that it can be fixed by people in the know. They can audit the source code for themselves and see and hopefully fix vulnerabilities.
Thats not to say that I think open source is more secure than closed, maybe it is maybe it isnt. I would think it depends more on the quality and testing procedures of the developers. That goes equally for closed source, except you cant see the code to tell.
Anyway IMO open source does not automatically = insecure, and closed source does not automatically = secure either.
Because by definition the source code is out there for everyone to see.That's like asking "Gee, I wonder why our new stealth fighter isn't so good when we published the blueprints for all to see". Giving source code out is like giving a road map to make things easier to get into. Open source has it's place, but around sensitive information is not that place.
I guess this explains why most server, specially those than contain sensitive information, run an open source OS, and still manage to be more secure than the closed source competitor.
They are just confused on how to use it.
Oh that's a surprise, I would've thought Android would take longer.
I guess this explains why most server, specially those than contain sensitive information, run an open source OS, and still manage to be more secure than the closed source competitor.
Not with the government it doesn't.
I have a friend who is a programmer with a well known company. He gave a demonstration and built a keylogger directly into a well known open source program's executable file. It only took a few minutes and nothing detected it.
Sorry, but I still don't want my personal information ever sitting on open source software. The argument that "well open source means more people can find the vulnerabilities and fix it" just doesn't work for me. If that's true security, tell me why we don't make our best weapon systems common knowledge as far as how they work and how they are built? I mean there would be so many more people who could make that weapon system better right? And if the "bad guys" don't hack open source software, surely the "bad guys" won't use the knowledge the blueprints of the weapon systems.
And I would really love to see some research to back up your claim that open source OS's that contain sensitive information is more secure than their closed source counterparts.
I'm amazed the DoD have decided that android (well, one company's implementation of it) is secure enough.Any mobile OS that allows sideloading of non-approved/examined apps shouldn't even be considered for accessing potentially sensitive information.
There are many reasons why Android is used, the largest of which IMO is cost. When you have millions of accounts at $30/seat/year + server cost (cost for BES + licensing.) you can buy a whole mobile IT department instead off relying on RIM to do it for you.
In case you haven't noticed RIM isn't exactly doing to hot in any market right now, not even security. Their devices filter all content through their servers before the destination device is reached. This is why a "blackberry outage" generally covers the whole of north america or more, and not just "city or carrier X."
@wildkitten,
Your BSing everyone and trying to front.
The DoD's most commonly "server OS" by volume is Windows NT (Server 03 / 08). Once you trim out the commodity stuff (AD / DNS / Exchange / File Server) then Unix becomes the most common "server OS". Specifically Solaris, the DoD really likes Solaris.
Also DoD secure networks are independent of the internet and any form of cell phone network. There simply is no interface, no way of data crossing over. So even if you had this cellphone you wouldn't be accessing anything classified. That whole "through a proxy" is bullsh!t, there is no such proxy in existence nor will there ever be. The NSA is entirely too paranoid and cautious to allow such a connection, and their the ones who ultimately approve connection methods.
This is some bad journalism at work, probably by someone who isn't familiar with DoD networks in general.
Not with the government it doesn't.I have a friend who is a programmer with a well known company. He gave a demonstration and built a keylogger directly into a well known open source program's executable file. It only took a few minutes and nothing detected it.Sorry, but I still don't want my personal information ever sitting on open source software. The argument that "well open source means more people can find the vulnerabilities and fix it" just doesn't work for me. If that's true security, tell me why we don't make our best weapon systems common knowledge as far as how they work and how they are built? I mean there would be so many more people who could make that weapon system better right? And if the "bad guys" don't hack open source software, surely the "bad guys" won't use the knowledge the blueprints of the weapon systems.And I would really love to see some research to back up your claim that open source OS's that contain sensitive information is more secure than their closed source counterparts.
telling people how to build a weapon system
telling people how an OS works
How are these two even relatable?
The only devices that have general authorization use are of course BlackBerries as it should be.
The only reason why the DoD must have considered this OS approval is , IMO, it's highly customizable stuff. Everything in this Environment can be controlled and customized, thus, having it on a standalone does have a lot of advantages. The kernel can be optimized endlessly for any particular purpose and can be extremely beneficial to even the DoD/Medical Research/ Scientific Research & Development Labs and other enter pruners who are willing to take it on with their own software labs.
Why does DjEazy keep trolling?
just google for android security issues
So Angry Birds was found on the list of "approved applications"
Hopefully they will get to use Words With Friends!
@DjEazy, zybch, wildkitten and whomever else has questions and needs clarification regarding the mass of misinformation regarding mobile security issues in general. Goto The Open Web Application Security Project (OWASP) https://www.owasp.org, if you really want to know and not just trying to spam the forums with nonsense.
Not with the government it doesn't.I have a friend who is a programmer with a well known company. He gave a demonstration and built a keylogger directly into a well known open source program's executable file. It only took a few minutes and nothing detected it.Sorry, but I still don't want my personal information ever sitting on open source software. The argument that "well open source means more people can find the vulnerabilities and fix it" just doesn't work for me. If that's true security, tell me why we don't make our best weapon systems common knowledge as far as how they work and how they are built? I mean there would be so many more people who could make that weapon system better right? And if the "bad guys" don't hack open source software, surely the "bad guys" won't use the knowledge the blueprints of the weapon systems.And I would really love to see some research to back up your claim that open source OS's that contain sensitive information is more secure than their closed source counterparts.
Dear lord, how many key-loggers exist for windows that also go undetected, millions? Also if you don't want your personal information sitting in an open source OS then it's best for you to disconnect from the Internet and return to the stone age because most of it's structure is built on open source OS's. There are tons of research that claim that quite a few open source software is more secure than their closed source counterparts. There are also studies that claim otherwise. But the fact remain that most servers out there use a *nix OS, being Linux the most common.
For starters, what open source about iOS?Secondly why does being open source make it automatically less secure?
iOS is based on OS X which was based (in part) on BSD. All that being said, once a person has physical possesstion of an iOS device it is still pretty easy to crack the security (through the same methods used to jailbreak the device). Of course, Apple doesn't allow sideloading so that don't have the malware issue that Android is plagued with (and why does the DoD not think that is an issue again?)