What Is It? Should I Be Scared?
Now first, I’d like to point out that this article I’m going to be referencing doesn’t seem to have any sources other than the submitter/writer himself, so this is all highly speculative at this point. I’d like to cross-examine this piece as if it were news, so sit back and enjoy.
This all has to do with a project called SEAndroid. SEAndroid is born out of SELinux, which has been around for many years. Now that Android is “main-lining” with the vanilla Linux kernel– to some degree– integrating things like SELinux and create separate distributions based around it are no-brainers and that is just what this project is.
Its name is SE Android, for Security Enhanced Android. Its mission: “to identify and address Android’s serious security flaws.” It’s the brainchild of a newcomer to the smartphone market, the NSA. Yep, NSA for National Security Agency, the US intelligence agency in charge of spying on foreign telecommunications and the security of US government communications.
Go and check out the homepage for the SEAndroid project. Where is the mention of the NSA entering the smartphone market? There is none. You could also try visiting the NSA’s homepage for the SEAndroid project. Also, no mention of trying to break into the smartphone market or monetized the project in anyway. In fact, both page outline the purpose and components of the project quite clearly and with a high level of transparency.
Who’s Gonna Make This Thing?
Every day about 700,000 Android phones are activated throughout the world, including to members of US government departments and agencies. Anxious to fulfill its mission to secure government telecommunications, the NSA published in early January of this year the initial version of SE Android. In reality it’s not so new: it’s based on SE Linux, another security module developed by the NSA specifically for Linux, the popular open source operating system.
The code for the SE Android is also open source. It’s accessible to any amateur or professional developers who want to “audit” it.
This is all perfectly reasonable, and if a manufacturer chooses to implement it, they will! But maybe they won’t… Malware in the Android Market is not exactly an epidemic, but it is quite problematic. A major manufacturer like Samsung or a carrier like Verizon will likely not bother with this unless the threat of malware cuts into their ability to move Android handsets. This isn’t a problem, much like moving Windows 7 laptops is not hard for Dell and HP…
Now if a carrier wants to gain more corporate mindshare in the fruit-flavored world of enterprise–I’m talking about Blackberry and Apple– then SEAndroid might be a value-added feature to lure the lingering customers that are trying to find a new platform to migrate to; but other than that, who cares?
In 2007 and 2009, the NSA admitted to having worked with Microsoft on the security for their Windows Vista and Windows 7 operating systems. In December 2010, doubts about the intentions of the US government culminated in the Open BSD case. A software engineer by the name of Gregory Perry revealed that his former company, NETSEC, had at the behest of the FBI inserted backdoor Trojans into the code of Open BSD, a free operating system similar to Linux.
Having a history of working closely with Microsoft certainly doesn’t do much to promote the effectiveness of the NSA! Jokes aside, I’ve still yet to read anything here that indicate’s the NSA’s intent to manufacture, distribute or partner with 3rd parties. The speculative tone of this piece is overwhelming, and it may very well be effective in scaring the living $h!7 out of you! But don’t be scared. Consider the impact that SELinux has had in it’s relative space.
The real spy just may be Google. Sleep tight!