In the latest update on NSA documents leaked by Edward Snowden, The Intercept is reporting on the surveillance establishment's efforts to use the Google Play Store to distribute spyware. Another fun fact from the data dump is that these agencies found and exploited a security hole in the ultra-popular UC Browser for years until an activist group informed its developers about it just about a month ago.
The information comes from a set of slides distributed to agency specialists in 2012 discussing plans for the use of mobile devices in surveillance. These initiatives were a cooperative between the so-called "Five Eyes" countries: USA, UK, Canada, Australia, and New Zealand. Read More
Who better to learn encryption from than the people who have actively tried to build vulnerabilities into encryption? Nobody, says the GCHQ, the British NSA equivalent that has released a free Android app called Cryptoy to teach children the basics of encryption. The app, designed for tablets, focuses on four basic techniques and allows users to create encrypted messages for sharing to friends to decode. Read More
Over the years, Google has been shoring up security on Android in a bid to make the operating system more attractive to governments and businesses, and to reduce the threat of malware for regular users. Unfortunately, these changes often come at the expense of flexibility in our beloved platform. As we close in on the next major release of Android, due to be announced next month, SuperSU developer Chainfire has discovered a set of commits to the Android Open Source Project (AOSP) that may seriously impact some of the functionality currently enjoyed by many root users. In a post on Google+, he describes how a set of recent changes to the SELinux implementation will completely cut off write access to system to anything but recovery. Read More
This is a pretty wild piece of news. Google, George Mason University, and the NSA are working to make Android the most secure OS out there. They're developing a "hardened" kernel so Android can pass all the necessary red tape to be deployed for government use. By 2012 they expect Android to be good enough for classified communication, and eventually they'll hit a higher security clearance level than BlackBerrys. Poor BlackBerry, security was one of the last things they had left.
It seems like all the heavy hitters are on board to deploy this super-secure version of Android. The Obama Administration, the FBI, the Justice Department, the Army, and first responders are all mentioned as interested parties. Read More