Open Source software and operating systems have positive and negative attributes, but one major positive is the ability to completely customize the solution to meet your needs.
And according to an article at SC Magazine, that is EXACTLY what the NSA is doing.
Before this solution, NSA employees:
would previously need to “speak in code” if using a commercial mobile device to discuss classified information.
The initial plan was to cobble together a string of off-the-shelf solutions to come up with a total secure package … and not surprisingly that was a disaster. But switching to using Android as an operating system allowed them to tear out the things that didn’t work or were insecure, and add in only those things that DID work.
As always there were issues:
The Information Assurance Directorate ran into a string of problems during the build due to a lack of interoperability between vendor products.
Salter said a lack of interoperability between SSL VPN options forced designers to use IPSEC.
Several other compromises were made but none that reduced the security of the phone, Salter said.
And ultimately they came up with a package that meets security requirements and is still a fully functional device.
They were able to find a ‘third route’ other than vetting third party apps or simply disabling app installs:
Users will be able to install defence applications on the device from an enterprise app store run by the US Defence Information Systems Agency. This would ensure only secure applications were installed, and remove the need for NSA staff to otherwise vet the integrity of third party applications.
The other reason I love this is it shows creativity and initiative. Previously a government agency would have contracted a private manufacturer to come up with the solution, which would meet all the requirements but be the most dreadful device ever in terms of daily use. This solution meets the security requirements, doesn’t look like something ‘ultra secure’, and retains enough Android identity to be worth using!