Personally, I'm rather hoping on some kind of OS virtualization scheme allowing you to run parallel (but isolated) policies in the same unit using a stock version of the mobile OS.
There are other sectors that have similar needs but cannot afford specific devices or OS reflashing such as health-care, banks and the police. With the advances in HW this is at least not technically impossible. VMWare has already show-cased their take on this matter. Anders On 2012-06-29 04:50, Jeffrey Walton wrote: > http://www.cioinsight.com/c/a/Latest-News/DARPA-Wants-to-Lock-Down-Android-Smartphones-for-Military-Use-833039/ > > Worried about the loss and theft of classified information on mobile > devices, the Defense Advanced Research Projects Agency (DARPA) has > awarded a $21.4 million contract to create a locked-down version of > the Android operating system for use in the field, says security firm > Invincea, which won the contract. > > Under the project, dubbed Mobile Armor, the company has four years to > create a version of the popular mobile device OS that can be used by > the U.S. Army and other government agencies. The company is working > with other federal civilian contractors and defense agencies on the > development of secure Android smartphones for deployment in both > office environments as well as in the field. > > "What DARPA is now signaling to the market is that the threat that has > targeted desktops in military networks is now moving to mobile > devices," said Invincea CEO Anup Ghosh. "And we anticipate that we > will see similar types of exploits ... that will drop code and own the > device." > > Invincea is focusing on two facets of security in the project. The > first is controlling the device so that only a certain limited list of > applications can run. This type of whitelisting technology is a common > approach in security-conscious corporations. The second focus is > detecting attacks that attempt to exploit those approved applications > and limiting the damage of such attacks. > > For the military, another big concern is lost devices falling into > enemy hands, said Ghosh. > > "They are really worried about loss of the device," says Ghosh. "God > forbid you are captured and you lose the device that way." > > Invincea already has an early version of the operating system running > in the field in Afghanistan on thousands of phones, he says. Ghosh > could not give details of the implementation, such as whether the Army > deploys their own base stations, but said that the phones have to > evade disruption and detection so as to not give away their positions. > > "They are using military apps, I can't say what they are, but they are > specifically for patrols," said Ghosh. > > The fact that the U.S. military is looking at Android devices is not > surprising considering the current trend of bring your own device > (BYOD) that is forcing IT departments to deal with a wider range of > devices within the corporate network. While the iPhone is probably the > most popular smartphone invading companies, Android is catching up. > This week, with the release of the Android-based Samsung Galaxy S III, > the company offered what it calls Samsung Approved for Enterprise > (SAFE), which offers features such as 256-bit Advanced Encryption > Standard (AES) encryption. > > Still, Android is not known for its security. According to one earlier > study, Android malware increased about 3,000 percent in 2011, as these > devices have grown in popularity. Google has adjusted its security > policies to address these issues, with a scanning service such as > Bouncer, which checks apps for malicious behavior. Google says that > the number of users affected by malicious Android apps has fallen 40 > percent in the last year. > > In March, Google hired Regina Dugan, who served as a DARPA program > manager for five years and, most recently, as director, to fill a > senior executive position. > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
