Home

Share this Story

NSA Releases ‘Security Enhanced Android’, Offering Government Level Protection For Your Device

Do you sometimes feel that your phone just isn’t as secure as it should be? Then allow me to introduce Security Enhanced Android (SEA), brought to you by the wonderful folks over at the National Security Agency (NSA). Taken from the AOSP and then beefed up to withstand any type of security breach, SEA is invulnerable to most types of malicious 3rd party apps that most people would fear. 

Security Enhanced Android offers:

  • Per-file security labeling support for yaffs2,
  • Filesystem images (yaffs2 and ext4) labeled at build time,
  • Kernel permission checks controlling Binder IPC,
  • Labeling of service sockets and socket files created by init,
  • Labeling of device nodes created by ueventd,
  • Flexible, configurable labeling of apps and app data directories,
  • Userspace permission checks controlling use of the Zygote socket commands,
  • Minimal port of SELinux userspace,
  • SELinux support for the Android toolbox,
  • Small TE policy written from scratch for Android,
  • Confined domains for system services and apps,
  • Use of MLS categories to isolate apps.

Feel like learning more about Security Enhanced Android and maybe even loading it onto your device? Then check out the source right here.

Via: XDA

  • Scofield1

    Think this through. Why does the NSA care about your browsing or what is on your phone. Sorry Lex Luthor, they don’t care very much about you.

  • mary

    @marcusmaximus04:disqus mandatory access control … my co-worker’s step-aunt makes $69/hour on the internet. She has been out of work for 5 months her paycheck was $9115 just working on the laptop for a few hours. Here’s the site to read more… MakeCash2.com

  • Anonymous

    and then they can submit it for merging with aosp so all android releases become this secure right?

  • Richard Rivas

    “That is why you inspect the code” someone wrote, you might as well ask us to read Chinese while your at it. That’s always been my Gripe of rooted phones and some yahoo creating new applications being the best and greatest and we don’t have any clue what the code or codes might be doing unsuspectedly on us.
     
    You know what they say “The cheap always comes out expensive in the End”.

  • Woobaker

    be nice if Google just incorporated this into ICS. why not have the safest system. tlak about a boost to businesses and govt sales

  • Anonymous

    Im just glad they made it so easy to understand…

  • Anonymous

    Back door galore in that mofo!

  • Crysistheater

    Alright, so I’m busy reading a book called Shadow Factory, it’s about how since 9/11 the NSA has been tapping AT&T and other companies’ cables so it can monitor 100% of the emails, phone calls, and text messages coming into and leaving the United States. And they do this without any warrants. I would bet my bottom dollar this app has a backdoor built into it. Why the f$#@ would the NSA spend time developing an app for Android to help people secure their phones? They don’t care about smartphone users. They care about signals intelligence. 

    • TC Infantino

      Actually, I hate to break it to you but the NSA had server farms in deeply refridgerated warehouses in VA for years before 9/11.  Almost all emails sent through the major ISPs were copied and saved in buffer servers until they could be filtered for specific flag words or phrases.  Emails that were flagged were then routed through even more filters, and those that met certain criteria were then saved for human review.  This has been going on since AOL handed out free disks, and Netscape and Compuserve were big players in the ISP game.

      • http://pulse.yahoo.com/_SNOLUJPJNLFYPC2PDI2NC3LXUE point.blank

        They do all that and still couldn’t prevent the catastrophe that took place that day.

      • http://twitter.com/ryocoon Kurtis Whittington

        Ahhh, the old “Carnivore” thing, eh? I still see people with sigs that say things like “Bomb Gun Assaination Plot Hack Destruction… Hi Carnivore!” to this day. The good thing is theories about Carnivore spurred a lot of people to start taking crypto and security seriously. Which is a good thing by itself.

        • TC Infantino

          I do agree that taking security seriously is a good thing. I know all about crypto and security, it was my career while I was in the USAF.  I believe the name Carnivore came from that movie Swordfish, which was a great movie for many reasons, though I doubt many people really believed that reference was to a real program.  It is just a movie after all. 

          • http://twitter.com/ryocoon Kurtis Whittington

            I giggled when I heard them reference Carnivore in “SwordFish”. The talk of Carnivore was around loooong before that movie, even with that name. I heard about back it being set up back when I was dialing into BBSs at 2400 and then 9600 and higher. Kipping around on FidoNet and early USEnet newsgroups. Carnivore has been such an urban legend for such a long time that nobody takes it truly seriously anymore. The sheer volume it would have to contend with now-a-days would be so staggering that not even massive server farms and super computers could truly deal with it, let alone human verification to prevent false positives. 

    • no in particular

      Obviously no.   Its fully inspectable source code, not compiled code…. not like Windoze or Mac or iOS or …..  where backdoors / vulnerabilities can placed and hidden.

  • Kak1004

    Does This VOID our warranty? =P

  • http://thisisjohncoffey.com GRAND MASTER SEN$Ei {{-_-}}™

    Instructions are REALLY LONG. Get back @ me when there’s an app. {{-_-}}

    • Anonymous

      Won’t happen. Stop being lazy.

  • mostKnownUnknown

    I think most people are doing the freak out since people only see “US Gov Agency + My Favorite Phone OS = Skynet”. Lemme hope to clarify things most people.

    The NSA has already contributed to Security Enhanced Linux (SELinux). SELinux is a set of kernel modules to Linux to allow security admins better control which components have access to resources. It is means for security admins to define a level of mandatory access control (see wikipedia).

    SELinux is already in the mainline Linux code. The open source Linux community has already combed over the NSA code enough to allow it into the mainline. Also since it is in the Linux mainline, Android already implements some of the NSA’s goals for a sercure OS. Security Enhanced Android has some extra extensions that NSA felt necessary (most of which seem to be logging extentions).

    SEA primarily helps business and government agencies which have security admins who needs these tools. Also, it makes it easier to build military computer equipment based upon Android since SEA will meet more standards which will make it easier for ruggedized Android-based devices to be used by soldiers. This is big for battlefield commanders which want to make sure that if their computer equipment becomes lost or stolen does not create a security risk. Some head will roll if a stolen Android tablet gave away battlefield sniper positions.

    This does have the possibility to make it hard for us to root a device should phone manufacturers choose to implement this. But since most of the changes are logging, I can’t see it really affecting the community’s root efforts.

    I’m not saying the Big Brother isn’t already spying on us. I’m just saying before you unleash your pitchforks, at least try to figure out what is you want to poke.

  • Anonymous

    And who said Big Brother doesn’t care?

  • Jason

    This is the NSA guys.  Do you really think they need you to install an app to watch your boring little butt?

    • http://pulse.yahoo.com/_SNOLUJPJNLFYPC2PDI2NC3LXUE point.blank

      Why not?

      See: Homeland Security watches Twitter, social media

      • Granted

        Which is just one minor reason I don’t use any social networking sites or any iterations of them.

  • lostsync

    This is really cool. I hope some of this makes it upstream. Security is never a bad thing. Except that one time FileVault decided it was time to reencrypt $HOME right before a major laptop-required project commenced, thus locking me out of my powerbook for a good 4 hours in the middle of the work day.

  • mostKnownUnknown

    Not a big deal. The NSA has contributed before to open source OS security in the form of SELinux and SELinux has been in the Linux mainline for years. It’s good that they are looking into Android too.

    It also means for me working as a government contractor, we can produce ruggedized Anrdoid tablets that meet most of the security requirements as a battlefield device. I’d love to see soldiers look at situational awareness maps on a tablet with multitouch features. Better Android than IOS.

  • Jake Gall

    I never accept aid from the government nor do I trust them, especially with the recent passage of NDAA that obama signed on december 31st

    • Anonymous

      Yea because is totally related to the NDAA /s

    • not as much a dork as most

      No aid?  I guess you never drive on a road, walk on a sidewalk, listen to radio, use the Internet…. oh wait

  • Anonymous

    As someone who already works for the government….Ill keep this huge bucket of FAIL far away from my phones. I can only imagine the horrible buggy mess it would turn into. 

    It would be like turning every phone into a Droid X2.

  • TROLOLOL

    CarrierIQ, is that you?

  • Anonymous

    CM9 SEA Edition?

  • http://twitter.com/Rasty_Plus rasty++

    epic HELL… yehaaaa

  • Idiopos

    Hell @#$% NO! It sounds like a good way for “big brother” to keep an eye on us!

    • http://twitter.com/JBod Justin

      That was my first thought. Then I remembered that they are secretly running all of the TelCos and already  know everything. Bloody bastards.

  • Jason Naylor

    I read AOSP as SOPA and was flushed with anger for approximately 2 seconds

  • MPS623

    THIS HAS AREADY BEEN BLOCKED DUE TO S.O.P.A.

  • drinksprite

    yea eff that. its bad enough theyre already listening to our phone calls

    • Big Red

      I totally agree with that! Scary thing is if they get ahold of your phone they can activate the speaker or cameras to have eyes and ears on what your up too….

      • drinksprite

        exactly! i remember a couple years ago some NSA employees got in trouble cuz they kept listening to people have phone sex and were making fun of them

      • Anonymous

        Crazy right. It used to be you see something on TV and think, “Damn, that’s crazy they could do that,” but know it’s just a movie, so not think twice about it. Now when I see TV shows or movies, I think “Wow, they actually can do that!” and then wondering how many people are being spied on with their own device.

  • Anonymous

    I’m going to just smile and pretend I understood half that.

  • Anonymous

    I wonder if this will be the beginning of the end for Blackberry (if they weren’t on a downward spiral already). Here you have a home-brewed kernel superior in terms of security (maybe?) ripe for adoption by other govt. agencies. Once that happens, which realistically could take eons, it’s only a matter of time before corporations pick it up as well. Seems like a recipe for disaster for RIM if they lose market share to what is surely their bread and butter (BES).

  • Trian1

    What this means is that government agencies can begin using Android devices rather than being limited to Blackberry.

    I think….

  • Anonymous

    This is pretty cool.

  • Shamevertson

    NOICE MATE!

  • http://twitter.com/ranwanimator Randall Wanamaker

    Yeah but would you trust the NSA to not have put in a back door to spy on your device?

    • http://twitter.com/ryocoon Kurtis Whittington

      That is why you inspect the code, have other people inspect it, and don’t use pre-compiled binaries. The NSA has been contributing to the OpenSource community and the SELinux project for ages. TBH, I trust the NSA more than a lot of other gov’t agencies.

      • http://www.facebook.com/people/James-Kirk/1386021939 James Kirk

        where do i download this? is it in the market?

        • http://twitter.com/ryocoon Kurtis Whittington

          Ummm, no. This is not an add-on to your every day Android phone. This is deeeeeep-down changes to how the OS runs in order to raise security by a very large amount. It does cost more processing power and incur more lag as a result. If you wanted to use such code, you would have to get a copy from the repository and then work to fit it in with your specific model of phone, and then compile it yourself (or find a Dev that will do so, etc).

          You aren’t going to find this in Android market. If you think so, then this kind of stuff is _REALLY_ not for you.

  • Anonymous

    Amazing

  • http://twitter.com/savvasdalkitsis Savvas Dalkitsis

    and a back door for the NSA to peek into your phone and communications…

    • http://www.droid-life.com Tim-o-tato

      Hey, that’s the American government you’re talking about! You can trust them! :)

      • Anonymous

        LMAO!

    • http://twitter.com/trsohmers Thomas Sohmers

      The whole point of it being open source is so that we can look in and see if there is anything like that… I did a quick skim of it yesterday, and didn’t see anything suspicious… will be checking over it more this weekend, though.

      • Anonymous

        Are you sure it’ll be that easy to find something suspicious? I mean, it wasn’t until recently that people knew about Carrier IQ…

        • Anonymous

          And Carrier IQ didn’t tend to be in the open source parts of android. Totally different situation.

          • Anonymous

            Yes but the only parts that will get on our phones will be the open-sourced parts…

          • Anonymous

            What? Right now the only way to get this version of Android seems to be to compile it yourself.

          • Anonymous

            Ergo only open sourced parts will find it on our phones….

          • KevinC

            you can’t reason with stupid, droidman101 ;)

          • Anonymous

             Actually marcus has the point, I think droidman is confused. Marcus replied to universeking that we will find if anything is in this because its open source unlike for carrierIQ then droidman’s reply was confusing’

          • not as much a dork as most

            CarrierIQ is compiled code AND placed/hidden by vendors into a somewhat locked-down device, duh.  Fear Verizon, AT&T, etc….

    • Anonymous

      And you can prove that without a doubt? No? Didn’t think so.

  • Anonymous

    This sounds cool. If would be even more cool if I undertsood half of it…