NSA, German government using Android for secure phones
At the RSA Conference last week, the US National Security Agency (NSA) released specifications for their secure Android-based phone network called Project Fishbowl. Similarly, the German government is now switching their secure smartphone solutions from Windows Mobile and Symbian to Android.
The NSA system is running on customised Android phones manufactured by Motorola that employ multiple layers of encryption and send all traffic through various VPN tunnels. The phones also include a specialised VoIP app instead of the usual Android dialler and all traffic to and from the device is logged. The NSA is emphasising that the system is not necessarily tied to Android – the platform was apparently selected because it is easy to modify.
Meanwhile, it was revealed at CeBIT that the German government is using two separate solutions to provide secure phones to government officials: a system called SiMKo from T-Systems and the SecuSUITE made by Secusmarts. Both systems are from German companies and were originally developed for different operating systems (SiMKo for Windows Mobile and SecuSUITE for Symbian); they are now being adapted for Android. According to the two companies, the phones use special microSD cards to hold the cryptographic keys and certificates needed to encrypt traffic – the technology could not be adapted for Apple's iPhone since it lacks a microSD slot.
Earlier this year, the NSA released their security-enhanced version of Android. With these latest developments, it seems that the operating system is being adopted by an increasing number of organisations looking for end-to-end security for their smart phones. This appears to be mostly because of the many hardware options available as well as the ease with which the open source OS can be customised.