The US’ DARPA military research agency has contracted security firm Invincea to create a secure version of Android for mobile military devices
Worried about the loss and theft of classified information on mobile devices, the Defence Advanced Research Projects Agency (DARPA) has awarded a $21.4 million (£13.7m) contract to create a locked-down version of the Android operating system for use in the field, says security firm Invincea, which won the contract.
Under the project, dubbed “Mobile Armour”, the company has four years to create a version of the popular mobile device OS that can be used by the US Army and other government agencies. The company is working with other federal civilian contractors and defence agencies on the development of secure Android smartphones for deployment in both office environments as well as in the field.
Threats going mobile
“What DARPA is now signaling to the market is that the threat that has targeted desktops in military networks is now moving to mobile devices,” said Invincea chief executive Anup Ghosh. “And we anticipate that we will see similar types of exploits… that will drop code and own the device.”
Invincea is focusing on two facets of security in the project. The first is controlling the device so that only a certain limited list of applications can run. This type of whitelisting technology is a common approach in security-conscious corporations. The second focus is detecting attacks that attempt to exploit those approved applications and limiting the damage of such attacks.
For the military, another big concern is lost devices falling into enemy hands, said Ghosh.
“They are really worried about loss of the device,” says Ghosh. “God forbid you are captured and you lose the device that way.”
Invincea already has an early version of the operating system running in the field in Afghanistan on thousands of phones, he says. Ghosh could not give details of the implementation, such as whether the Army deploys their own base stations, but said that the phones have to evade disruption and detection so as to not give away their positions.
“They are using military apps, I can’t say what they are, but they are specifically for patrols,” said Ghosh.
The fact that the US military is looking at Android devices is not surprising considering the current trend of bring your own device (BYOD) that is forcing IT departments to deal with a wider range of devices within the corporate network.
Android security risks
While the iPhone is probably the most popular smartphone invading companies, Android is catching up. This week, with the release of the Android-based Samsung Galaxy S III, the company offered what it calls Samsung Approved for Enterprise (SAFE), which offers features such as 256-bit Advanced Encryption Standard (AES) encryption.
Still, Android is not known for its security. According to one earlier study, Android malware increased by about 3,000 percent in 2011, as these devices have grown in popularity.
Google has adjusted its security policies to address these issues, with a scanning service such as Bouncer, which checks apps for malicious behaviour. Google says that the number of users affected by malicious Android apps has fallen 40 percent in the last year.
In March, Google hired Regina Dugan, who served as a DARPA programme manager for five years and, most recently, as director, to fill a senior executive position.
How well do you know your tablets? Take our quiz.