It seems like US government agencies have been showing much favoritism over Google’s Android OS in this year alone. First, there’s NASA’s plan to bring Android out of this world and also the news on Pentagon approving Android over Apple. The latest update today is that the National Security Agency (NSA) has just launched the SE Android, which is actually a security-enhanced version of the OS. The big difference about this OS from a normal Android device is that this provides and enforces a stricter access-control policy.
The new and secured platform was patterned after the agency’s previous research into mandatory access controls that led to the development of the Security-Enhanced Linux project in 2000. The project, SE Linux, led to an array of Linux kernel security modules and other tools capable of giving a flexible mechanism for limiting the resources that users and applications are able to access. A few years later and several of the low-level SE Linux modifications have already been merged along with the official Linux kernel, which were also ported to FreeBSD and Solaris.
Originally, plans of porting the SE Linux to Android was revealed by the NSA in last year’s Linux Security Summit. It was only last January 6 when they finally released the first version called SE Android. The ultimate goal of the SE Android is to improve the application security model of Android, which is also based on a default Linux discretionary access control. With this, an application simply needs to be operated by a user in order to access the files and resources available to him.
The launch of the SE Android will also start enforcing better sandboxing compared to what is currently available in the latest Android versions.
‘Security Enhanced (SE) Android is a project to identify and address critical gaps in the security of Android,’ said NSA.
When used, SE Android will isolate individual apps from one another. As a result, it will mitigate problems which have been launched by malicious applications, as well as prevent these apps from gaining access to system resources, perform security checks, and ensure proper permission levels. Each device’s files and folders can now be individually locked and encrypted. Moreover, mobile and WiFi network security features have been improved.
As designed, SE Android would isolate applications from each other, mitigate problems introduced by flawed or malicious applications, prevent applications from accessing system resources, ensure proper permission levels and perform security checks. Every file and folder on the device can be individually locked and encryprted, and WiFi and mobile network security features have been enhanced.
Sadly, it is not as simple and straightforward to install SE Android on devices. This is because SE Android project has not provided pre-compiled builds yet. Instead, users need to download and build the official Android Open Source Project source code before syncing their AOSP clone with the SE Android.
For more information about this, visit this forum.