OMG GUISE PRISM

All Android code is available for public review, and plenty of people are reviewing it

It came to light today (though it was never a secret) that the NSA (the National Security Agency), a U.S. intelligence service that's been in the news as of late for things nobody likes, is contributing code to Google's Android project. Of course, the Internet's first reaction was predictably "OMG PRISM! They're building in PRISM!!11one!"

You can relax folks. While the NSA has no official statement about what they call their Security Enhancements for Android project's link to the PRISM project, this isn't something new. They've been working on this Android code since 2011, which is an offshoot of their SE (Security-Enhanced) Linux project before that. Their SELinux code was peer reviewed by anyone and everyone, and the commits were generally accepted as being great additions that make a secure operating system even more safe.

While Android isn't developed in the open, upon release the code is all available. There are all manner of very smart and god-like code nerds pouring through it, and any shenanigans would be quickly uncovered. Let's just take a deep breath, and realize that the NSA could be very helpful writing code to keep systems secure. 

More: Bloomberg

 
There are 35 comments

rootedVette says:

Jerry Hildenbrand, peacekeeper.

Posted via Android Central App

JobiWan144 says:

+1

Posted from my HTC EVO 4G LTE via Android Central App

DWR_31 says:

And what person in their right mind fully trusts the government?

Posted via my Totally Android Central Themed including FX Cased, Rooted Sprint GSIII named "White Dragon".

mwara244 says:

Virtual tin foil hat is on.

"internet's first reaction was predictably OMG PRISM!"

YEA YEA I agree, stupid reaction!!! NSA LOVE US, they gonna protect our androids from TERRORISTS.
By the way terrorists kill 10 people per year at developed countries! Android need NSA HELP FROM HACKING TERRORISTS!
I wanna say thanks to NSA for such intensive care about all us!

Joe Smith12 says:

If you want to see how easy it is to push an app to an android phone and turn it into a spy device check out AndroidLost. You cannot trust any device with a camera, microphone and internet connectivity, it's as simple as that!

deltatux says:

This has been in talks for a long time, it's great to see multi-level security (MLS) being incorporated in Android. Projects like Fedora have been trying to push MLS (through the use of SELinux) in mainstream Linux. However, desktop Linux users tend to stay away from it because it causes them more inconvenience than benefits. For Android, I think it'll work a lot better.

Tyler Paul says:

Think about it. Who is better qualified to track down and close backdoors and exploits than one of the most active discoverers/exploiters of those very things?
Sure, they're only doing it for their own reasons (build a more secure system for themselves. But I'd rather their code be available to us, than closed off.

ExtremeNerd says:

Unfortunately, it will be a day or so until we see the opposite on Reddit...

Jay Soto says:

The NSA can't be trusted that much from what I can see recently.

That may be so. The good thing is we don't have to trust them, because we can look at the source code to see exactly what it's doing.

knahrvorn says:

Do we, now? Who says the source code that we can all download and trawl through if we want to, is the exact one down to every comma, that we're all running in binary form on our phones? How many here compile their own Android? I know I'm playing the Devil's advocate here, and it would be a breach of the open source license, but if I'm not mistaken, other legal agreements (laws?) have been breached as of late on NSA's account.
[Paranoid mode off]

Posted via Android Central App

Doan says:

Of course we don't all run the same code, to the dot. Both manufacturers and carriers modify the OS before release to each device. We're all running different code.

Not a single Android device runs pure base Android OS code.

https://code.google.com/p/android-apktool/

All those apk teardowns that look through the code aren't magic. Use this tool and check for yourself :)

heavyvino says:

Now we know why Google wants to consolidate all of our information, the NSA wants it. Google works for the NSA.

#sacasm

Posted via Android Central App

MUTINOUS says:

It's interesting to note that the openness of the Android OS is one of its strongest security features.

anthonok says:

Lies! They want all my private information!!!!! Especially my secrets about. My methods that I only secretly talk about on Facebook because it's secure and private!!! Also I talk about it in front of Xbox ones kinect 2 so there's no way they can hear me!! Rawr security breach ahhhhhhh_5?3#8?jbe@/3=?@$m!k!!!!!

Posted via Android Central App

That was extremely funny:)

Posted via Android Central App

mssca says:

Is this means that when I completely forget my passwords, I can contact NSA to get it back. Cool...

Dan29466 says:

LOL

Chanlion says:

Great that there's no backdoor. But NSA development is basically like knowing the blueprints to your ship. So there's no 100% confidence hearing this.

Think of Android as if it were a cake.

Google has a recipe to make that cake, and if you follow it step by step your cake will be the same as my cake. We both can read and see everything that goes into the cake.

No imagine that <insert someone you don't like> adds a tsp. of Vanilla extract to the recipe. You can still see everything that goes into the cake, and know exactly what's different between the recipes.

That person you didn't like could always see what was in the recipe anyway.

I'm not going to suggest that anyone should trust any government agency. The good thing is we don't have to trust them, and this scenario was already played out with Linux once before. 

 

XavierMatt says:

More importantly... Where did that wallpaper come from?

HTC ONE ~ Android Central App

onsoku says:

+1

danielst3 says:

There are two sides to the NSA. The people who go after info and the people who protect info. SEAndroid is from the people who protect info and has nothing to do with survalance.

DaVince says:

I LOL'd at "god-like code nerds".

Sulfur says:

Anyone who believes that an open source project can't be backdoor-ed is incredibly naive and should not be giving security advice. In addition, I would be comfortable betting that not a single person running android built from source has ever audited the entire codebase that they built. That said, they had no need to backdoor it, so I doubt they would risk it.

cwilson617 says:

Yeah, and that's exactly what I would say if I worked for the NSA. Not buying any.

Anyone have that Dark Side wallpaper in the picture? That's a cool one I haven't seen before.

Posted via Android Central App

universeand says:

Since they scoop up everything over the air and on the Internet NSA doesn't need a backdoor.

Gearu says:

And yet they want to stop Huawei and ZTE from offering their phones in the US because it may contain secret backdoors that can't be found... pot kettle kettle pot.

If they can't be found then there is nothing to be concerned about. I have not heard about this alleged attempt to stop the import and sale of specific phones; But as I said, it would be pointless if the alleged backdoor's can't be found. Sometimes we need to step back,take a deep breath and use some common sense before we speak, or in this case posts.
I would like to share a quote from Abraham Lincoln
"It is better to remain silent and thought a fool, than to speak and remove all doubt"
This is one of my favorite quotes because far to often, especially in the time of Facebook, Twitter, Google+ and forums for every topic known to man, people are far to fast to blurt out the first thing that comes to mind; Giving little or no thought to what they are actually saying. Only the first paragraph is meant for the post I am commenting on. The rest is for all of you, especially the quote by president Lincoln. Remember, don't "remove all doubt".

Posted via Android Central App

AceXMachine says:

Not to throw another coal on the fire, but putting a backdoor in the Android code would be like putting a backdoor on the 2nd floor of a house. Blatantly obvious and easily blocked/sealed. I would be much more concerned about chipset/radio firmware which is not easily accessible or open source. You got that covered and nothing else matters.