NSA Releases Security-Enhanced Android 81
An anonymous reader writes with the recent news that, in line with its goal to provide secure phones to government employees in various domains, "The NSA has released a set of security enhancements to Android. These appear to be based on SELinux, which was also originally created by the NSA."
Is it secure from the NSA et al? (Score:3, Interesting)
The question is what backdoors have they placed on it. Is it secure from themselves (NSA) and other three letter agencies?
Re:Enhancement, from the NSA? (Score:4, Interesting)
Of course they can hide a backdoor in it. But why bother when they already have nearly unlimited powers due to the PATRIOT act, have many corporations that will bend over backwards for the police state, and laws like CALEA.
Re:Is it secure from the NSA et al? (Score:4, Interesting)
Unless the "security through obscurity" is to make the OS more widespread, and so make actual NSA phones less obvious targets. One thousand "sensitive" phones amongst an install base numbering one hundred thousand slashdotters and tinfoil hatters is a good starting point.
Re:Enhancement, from the NSA? (Score:4, Interesting)
while mainly correct, your proposition ignores the fact that in programming you have a lot of plausible deniability in form of the programming mistake. A wrongly placed comparison or wrongly compiled regexp can have huge side effects while looking like little mistypes even a good albeit tired dev would make. Now think that by implanting such a small discrepancy into a big project you could do very many things without being ever detected. Also the side effects of such a behavior are very difficult to follow in a big project making the possibilities of it being forcibly discovered ridiculous since you would have to follow every reroute into oblivion before being sure there are not deliberate side effects.