Is Android Really Secure Enough for the DoD?

Android LogoOver the holidays I came across an announcement that Pentagon officials have approved the use of Android in addition to BlackBerry to meet their mobile computing needs. In summary the reasons why they chose Android included:

  • Open Source Platform: Google likes to call Android open source however they only legally meet what true open source is. Besides the ability to fork the entire code base, their open source model doesn’t differ that much from IOS. It’s take it or leave it with no community or transparency during development. In terms of what the DoD is looking for (just being able to fork it), this would meet their requirements.
  • Lock Down after Login Failures: True … but most other smartphones offer the feature of locking down the platform after so many failed login attempts so this isn’t too much of a security discriminator.

They also poopooed iOS for various reasons including:

  • Closed Source Code: True but you think the U.S. government could work out a NDA with Apple so they could at least review the code. Still, it’s a long way from Android’s open source model.
  • GPS Regularly Reporting to Apple: Why … Apple … do you do this? At least give us an option of disabling the reporting function and still keeping the platform useful.
  • Data Shared on iCloud: It looks like this can be minimized by disabling iCloud and not using certain Apple services (e.g., iMessage). Still very frustrating though…
  • Slow Patching: Yeah, but at least the devices actually get patched versus the old Android version the DoD approved, which by the way is way behind on patches.

Of these, I think the only anti-iOS arguments that stand on their own are the first two. Well maybe the government could create a special jailbroken version of iOS that meets their requirements since that seems to be legal after last year’s DMCA adjustments. At least they could knock the second criticism out.

In closing I am going to jump on the “risk” bandwagon here but I think it’s a better way to evaluate Android vs. iOS security. If you look at the enormous number of threats against Android, I feel that these two platforms are mostly on equal footing from a risk perspective.

via Net-Security.org

US Department of Defense officials that need a mobile device are no longer restricted to using a BlackBerry, reports Muktware. The Pentagon has now also allowed the use of Android, but only if it runs on Dell hardware, and only if it’s version 2.2 of the mobile platform.

The decision has been made by the Defense Information Systems Agency, and was influenced by many factors.

Continued here.

#####

What are your thoughts on the DoD’s approval of Android as a mobile platform? Should iOS have been included in that approved list? Today’s images is from Android.com.

7 comments for “Is Android Really Secure Enough for the DoD?

  1. January 3, 2012 at 3:28 pm

    Is Android Really Secure Enough for the DoD? http://t.co/MlqQFnrY

  2. January 3, 2012 at 4:15 pm

    Also some thoughts on DoD’s selection of Android as an approved platform. http://t.co/CBxnzfMF

  3. January 3, 2012 at 5:09 pm

    Is Android Really Secure Enough for the DoD?: [nova#infosecportal.com] Over the holidays I came across an… http://t.co/TI6UrrUD

  4. January 3, 2012 at 7:19 pm

    Is Android Really Secure Enough for the DoD? http://t.co/CS8XVmdb #ios #android

  5. January 3, 2012 at 10:01 pm

    Lots of pros/cons for DoD selecting Android as approved platform. I hedged using “risk” as an excuse. http://t.co/CBxnzfMF

  6. January 4, 2012 at 7:07 pm

    BLOGGED: Is Android Really Secure Enough for the DoD? http://t.co/MtzHbdEi #NoVAblogger

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.