The NSA is spying on your Android OS or three quarters of all smartphones
Over a decade ago, it was discovered that the NSA embedded backdoor access into Windows 95, and likely into virtually all other subsequent internet connected, desktop-based operating systems. However, with the passage of time, more and more people went "mobile", and as a result the NSA had to adapt. And adapt they have: as Bloomberg reports, "The NSA is quietly writing code for Google’s Android OS."
Is it ironic that the same "don't be evil" Google which went to such great lengths in the aftermath of the Snowden scandal to wash its hands of snooping on its customers and even filed a request with the secretive FISA court asking permission to disclose more information about the government’s data requests, is embedding NSA code into its mobile operating system, which according to IDC runs on three-quarters of all smartphones shipped in the first quarter? Yes, yes it is.
Google spokeswoman Gina Scigliano confirms that the company has already inserted some of the NSA’s programming in Android OS. "All Android code and contributors are publicly available for review at source.android.com." Scigliano says, declining to comment further.
From Bloomberg:
Through its open-source Android project, Google has agreed to incorporate code, first developed by the agency in 2011, into future versions of its mobile operating system, which according to market researcher IDC runs on three-quarters of the smartphones shipped globally in the first quarter. NSA officials say their code, known as Security Enhancements for Android, isolates apps to prevent hackers and marketers from gaining access to personal or corporate data stored on a device. Eventually all new phones, tablets, televisions, cars, and other devices that rely on Android will include NSA code, agency spokeswoman Vanee’ Vines said in an e-mailed statement. NSA researcher Stephen Smalley, who works on the program, says, “Our goal is to raise the bar in the security of commodity mobile devices.”
See, there's no need to worry: the reason the NSA is generously providing the source code for every Google-based smartphone is for your own security. Oh but it's open-sourced, so someone else will intercept any and all attempts at malice. We forgot.
The story continues:
In a 2011 presentation obtained by Bloomberg Businessweek, Smalley listed among the benefits of the program that it’s “normally invisible to users.” The program’s top goal, according to that presentation: “Improve our understanding of Android security.”
Vines wouldn’t say whether the agency’s work on Android and other software is part of or helps with Prism. “The source code is publicly available for anyone to use, and that includes the ability to review the code line by line,” she said in her statement. Most of the NSA’s suggested additions to the operating system can already be found buried in Google’s latest release—on newer devices including Sony’s Xperia Z, HTC’s One, and Samsung Electronics’ Galaxy S4. Although the features are not turned on by default, according to agency documentation, future versions will be. In May the Pentagon approved the use of smartphones and tablets that run Samsung’s mobile enterprise software, Knox, which also includes NSA programming, the company wrote in a June white paper. Sony, HTC, and Samsung declined to comment.
Google’s Android smartphone operating system uses source code contributed by the US National Security Agency. Especially in the post-Edward Snowden era, that’s a red flag for Beijing, and helps to explains why China has been so eager to encourage the growth of non-Android smartphones within its borders.
Security Enhancements for Android is one of several projects that the US spy agency contributes to open-source operating platforms. Ostensibly, the NSA’s addition to Android is designed “to raise the bar in the security of commodity mobile devices,” an NSA researcher told Bloomberg Businessweek. And indeed, anti-hacking protection is actually what the spy organization is supposed to be providing.
But you can bet that Beijing is dubious about the NSA’s stated aims, especially after news that the US agency hacked millions of Chinese SMS messages and is working closely with American technology firms. Even before Snowden’s leaks, China was directing stinging criticism towards Google and Android—used in at least three quarters of China’s mobile handsets—and accusing it of “commercial discrimination” against Chinese companies. Apart from security concerns, Beijing is also keen to promote its own fast-growing tech companies, some of which are chafing at Google’s dominance.
What can Beijing actually do about Android? The first hints were released in a government white paper in March that urged local Internet firms like Baidu, Huawei, Alibaba to develop their own operating systems or at least an independent variant of Android. But such offerings are probably years away.
In the meantime, NSA submissions to Android are freely available* for intense examination by anyone who wants to look. So until China’s mobile OS is ready, perhaps its Ministry of State Security should start making its own Android submissions—it’s only fair that the People’s Republic contribute to the open source software it is using so heavily.
http://qz.com/102346/no-wonder-china-is-worried-about-android-the-nsa-helped-write-its-source-code/
http://www.zerohedge.com/news/2013-07-09/nsa-has-inserted-its-code-android-os-bugging-three-quarters-all-smartphones