updated 11:30 pm EDT, Tue June 26, 2012
Thousands of installs testing 'beyond the wire' in Afghanistan
Fairfax, Va. contractor Invincea, known for malware detection and network security, has been awarded a $21.4 million contract to find a way to secure Android. The Defense Advanced Research Projects Agency (DARPA), and the US Army Research Laboratory (ARL) sought development teams to secure the smartphone and tablet OS for military use in an initiative called "Mobile Armor." Invincea is planning on migrating developments in its research to commercial and consumer products as well.
Physical loss of the device is a concern. "They [DARPA] are really worried about loss of the device," says Invincea CEO Anup Ghosh. "God forbid you are captured and you lose the device that way." Early versions of the security-centric modified Android core are being tested in Afghanistan. Invincea is focusing on controlling access to the device so that only pre-selected applications can run. The "white list" approach narrows the focus of the second aspect of the security program, detecting attacks that attempt to exploit the approved applications and limiting the damage of those attacks.
While Apple has been considered amongst the most secure of mobile devices and a candidate for US military use, the company refused to divulge the source code for governmental modification. Without the source code, changes demanded by the military and federal staffers using the devices couldn't be made. The NSA also has a custom version of Android with similar, but not identical, security features to the Invincea product.