The NSA Has Inserted Its Code Into Android OS, Or Three Quarters Of All
Smartphones
Zero Hedge
July 10, 2013
Big brother supervised fun never stops in Stasi 2.0 world.
Over a decade ago, it was discovered that the NSA embedded backdoor
access into Windows 95, and likely into virtually all other subsequent
internet connected, desktop-based operating systems. However, with the
passage of time, more and more people went mobile, and as a
result the NSA had to adapt. And adapt they have: as Bloomberg reports,
The NSA is quietly writing code for Google's Android OS.
Is it ironic that the same don't be evil Google which went
to such great lengths in the aftermath of the Snowden scandal to wash
its hands of snooping on its customers and even filed a request with the
secretive FISA court
http://www.zerohedge.com/news/2013-06-18/google-challenges-surveillance\
-gag-order-squares-nsa-secrecy-against-first-amendment asking
permission to disclose more information about the government's data
requests, is embedding NSA code into its mobile operating system, which
according to IDC runs on three-quarters of all smartphones shipped in
the first quarter? Yes, yes it is.
Google spokeswoman Gina Scigliano confirms that the company has already
inserted some of the NSA's programming in Android OS. All
Android code and contributors are publicly available for review at
source.android.com. Scigliano says, declining to comment further.
From Bloomberg:
Through its open-source Android project, Google has agreed to
incorporate code, first developed by the agency in 2011, into future
versions of its mobile operating system, which according to market
researcher IDC runs on three-quarters of the smartphones shipped
globally in the first quarter. NSA officials say their code, known as
Security Enhancements for Android, isolates apps to prevent hackers and
marketers from gaining access to personal or corporate data stored on a
device.Eventually all new phones, tablets, televisions, cars, and other
devices that rely on Android will include NSA code, agency spokeswoman
Vanee' Vines said in an e-mailed statement. NSA researcher Stephen
Smalley, who works on the program, says, Our goal is to raise the
bar in the security of commodity mobile devices.
See, there's no need to worry: the reason the NSA is generously
providing the source code for every Google-based smartphone is for your
own security. Oh but it's open-sourced, so someone else will
intercept any and all attempts at malice. We forgot.
The story continues:
In a 2011 presentation obtained by Bloomberg Businessweek, Smalley
listed among the benefits of the program that it's normally
invisible to users. The program's top goal, according to that
presentation: Improve our understanding of Android security.
Well one wouldn't want their bug to be visible to users now, would
one
Vines wouldn't say whether the agency's work on Android and
other software is part of or helps with Prism. The source code is
publicly available for anyone to use, and that includes the ability to
review the code line by line, she said in her statement. Most of
the NSA's suggested additions to the operating system can already be
found buried in Google's latest releaseon newer devices
including Sony's Xperia Z, HTC's One, and Samsung
Electronics' Galaxy S4. Although the features are not turned on by
default, according to agency documentation, future versions will be. In
May the Pentagon approved the use of smartphones and tablets that run
Samsung's mobile enterprise software, Knox, which also includes NSA
programming, the company wrote in a June white paper. Sony, HTC, and
Samsung declined to comment.
Apple appears to be immune from this unprecedented breach of customer
loyalty, if only for now, although open-sourced Linux may not be as
lucky:
Apple (AAPL) does not accept source code from any government
agencies for any of our operating systems or other products, says
Kristin Huguet, a spokeswoman for the company. It's not known if any
other proprietary operating systems are using NSA code.SE for Android is
an offshoot of a long-running NSA project called Security-Enhanced
Linux. That code was integrated a decade ago into the main version of
the open-source operating system, the server platform of choice for
Internet leaders including Google, Facebook (FB), and Yahoo! (YHOO).
Jeff Zemlin, the executive director of the Linux Foundation, says the
NSA didn't add any obvious means of eavesdropping. This code
was peer-reviewed by a lot of people, he says.
But that's not all:
The NSA developed a separate Android project because Google's mobile
OS required markedly different programming, according to Smalley's
2011 presentation. Brian Honan, an information technology consultant in
Dublin, says his clients in European governments and multinational
corporations are worried about how vulnerable their data are when
dealing with U.S. companies. The information security world had been
preoccupied with Chinese
