back to article Boeing plans super-secure Android smartphone for top echelons

Boeing is planning to launch an own-brand super secure Android smartphone for military, government, and high-level commercial users by the end of the year. Roger Krone, president of Boeing Network and Space Systems, told National Defense Magazine that this is probably the first time the company had got into the cellular phone …

COMMENTS

This topic is closed for new posts.
  1. BadBart
    Black Helicopters

    But will it contain all the Google spyware?

    I would be willing to pony up some $ if it was a private non-tracking, non-snooping, secure phone... sorta like my old Blackberry is/was.

  2. Lance 3

    What about the users?

    They will make the phone secure but in the end, it will be the apps that the users use on the phone that will be the downfall.

    1. bazza Silver badge

      Re: What about the users?

      Well, that nicely encapsulates the bind that RIM find themselves in.

      A corporate BlackBerry is normally configured by the corporation's IT bods to prevent loading of applications for this very reason. This makes BlackBerries 'boring'.

      Androids and iPhones generally let you add apps, which makes them 'exciting'. However allowing arbitrary third party software on to a corporate device means taking a risk of some sort.

      Boeing are right, there are organisations whose risk appetite is low meaning that they understandably don't like mainstream Android. But to fix that means placing RIM style restrictions on what the device can do, or having a multi-level security system of some sort.

      A hyper-visor approach may deliver (with some effort) a multi-level security system, but that's not likely to result in improvements to battery life. The only justification for it would be to allow people who require security to also use mainstream apps.

      The inevitable questions arising from that is "are spooks allowed some fun?", and "are spooks really incapable of carrying two phones?"

  3. Jeebus

    Google stealth or actual stealth?

    Google stealth being a B2 bomber who constantly phones home on a public connection, sends live GPS co-ordinates, available from a "beta" google page and dozens of tweets "Over Fallujah LOLZ" to top it off, also targeted ads.

    "I see you're flying a B2 over Fallujah, have you thought about Blackwater?"

    1. Anonymous Coward
      Anonymous Coward

      Given the amount of malware on Android and it's vulnerabilities , it's an easy guess that those who wish to do so can fly a plain into a building without much risk just hacking by Boeings Software.you're flying in. They don't have to to get in the plane any more.

  4. Anonymous Coward
    Anonymous Coward

    What no iMilitary

    Seems a bit wierd that they are not using an iPhone, I'm sure there would be more buy-in for a nice pretty phone.

    1. Anonymous Coward
      Anonymous Coward

      Re: What no iMilitary

      Reason:

      <pilot> "Siri, please shoot down that enemy aircraft".

      <Siri> "When would like me to book an appointment for that? Oh, and you've missed your wife's birthday"

      But it could be a cunning ploy! Sell it cheap all around the world and the only people who could use the kit in anger would be those with a Californian accent slightly slurred by years of experiencing LSD. There's a slim chance they might be American.

    2. The Man Who Fell To Earth Silver badge
      FAIL

      Re: What no iMilitary

      One reason to pick Android is for transparency of the OS. That fact alone makes Android the only widely used phone OS suitable for creating a truly a secure phone. If you can't examine the OS at all levels, you can't hope to try to insure it's security.

  5. Malcolm Weir
    Angel

    No, President Obama doesn't use a Blackberry...

    Senator, and Candidate, Obama used Blackberries.

    President Obama does not. He uses a General Dynamics Sectéra® Edge™.

    As to those who wonder why Boeing would select Android, the answer is simple: they can get Android and sweep the code line-by-line, add restrictions on what can be installed (like the app signing stuff that Windows 7 does), etc.

    The idea that anyone would use an iThing for secure applications is laughable: Apple deliberately keeps stuff close to their vest, and won't release the keys to iTunes, so there's no way to deliver trusted apps to a hypothetical "secure" iPhone.

    Oh, and the notion that Android is (inherently) full of malware and vulnerabilities is baseless. Sure, a lot of phones that run Android may well be, but the same is true of every other operating environment. The crux of the matter is that Google makes it possible to scrutinize Android, while Microsoft, RIM, and Apple do not...

    1. Anonymous Coward
      Anonymous Coward

      Re: No, President Obama doesn't use a Blackberry...

      Scrutinise your code for malware then

      http://www.androidauthority.com/beware-of-new-android-malware-claiming-to-be-system-upgrade-74969/

      http://www.ubergizmo.com/2012/04/updtbot-android-malware-discovered-spreads-through-sms/

      http://www.technolog.msnbc.msn.com/technology/technolog/study-android-malware-400-percent-123268

      I got bored of pasting after that.

      But all those extra eyeballs will help keep the code clean. It's teh openz!

    2. bazza Silver badge

      Re: No, President Obama doesn't use a Blackberry...

      @Malcolm Weir,

      "The crux of the matter is that Google makes it possible to scrutinize Android, "

      Er, not quite. According to the fount of all knowledge Wikipedia the current version of Android is 4.0.4, but Google have released the source only up to 4.0.1.

      Even if you could stay current with Google's releases (which you can't with Android because you need the manufacturers to keep up) you can't examine the source code you'd be running because Google don't release it at the same time the binaries hit the streets.

      Even then what you're running isn't what Google released, you're running something that was put together by the mobile manufacturers *based* on what Google released. You don't ever get to see their modifications (so far as I know).

      I don't see what Boeing hope to achieve. They're not going for a stronger Android that the mass market would adopt. They're aiming at a niche market. That niche will always accept lock down, restrictions; that's the price you pay to get security.

      That would appear to be a niche that RIM (as you point out, MS increasingly so) already fill well. RIM's Playbook (and I guess their future mobiles) even supports repackaged Android applications!

      I think Boeing is being carelessly vague. Whatever it is they think they'll be doing will at best be a major fork of Android. It will not *be* Android itself. But if it's not full fat fresh from the chocolate factory Android then it's not going to offer any advantage over the offering from RIM or MS. Both let you write/deploy your own niche-specific applications in mainstream-friendly ways (= cheap coders). 'Cheap coders' is all that the label 'Android' implies in this case anyway.

      Boeing may be able to offer a more secure product, but taking Android as a starting point will make their life very hard. Something like Greenhills' Integrity OS would be a better basis; layering Dalvik on top of that could produce something really quite interesting from a security point of view.

      1. NinjasFTW

        Re: No, President Obama doesn't use a Blackberry...

        Maybe Boing are going for an O/S that they know the code for because they wrote/analysed large chunks of it rather than assuming RIM have written it well.

        Besides, who things RIM will be around in 10 years time?

        And the fact is that if i was sufficiently motivated and knowledgable (im not) I build the original Android souce and install it.

      2. Charles 9

        Re: No, President Obama doesn't use a Blackberry...

        Well, IIRC most of the proprietary stuff in any given Android system falls to the hardware support--CPU, GPU, DSP, and chipset drivers and all the assorted custom stuff each manufacturer wants to put on their phone. This is stuff Boeing would have to do anyway for the hardware they intend to put on their proposed device (which I don't think will use a lot of common off-the-shelf tech).

        While the proposal appears to smack of internal cryptoprocessors and so on (IOW, all communications to and from the device will be encrypted), a good chunk of the security will have to come from the software--it's highly unlikely Google Play or any Google software will make it into these device. Indeed, I suspect part of Boeing's effort will be to create an application server that allows the head honchos to personally vet applications and only allow those it deems safe onto its network. The devices will then be configured to go to those servers rather than other vanilla servers.

  6. Anonymous Coward
    Anonymous Coward

    Daring move...

    The main issue which I see is that its fully build on top of an Open Source OS. While this has its obvious advantages (and I don't mean "free as in beer") it also comes with disadvantages. For example; 20 people working on a project could use 20 different coding styles thus making it harder to grok the exact inner working of the software component.

    But the most risk is the liability aspect itself I think. The well known "What if". What if something does go wrong and the government and military deem Boeing responsible? It doesn't matter here if we're talking Android, iOS, Symbian or even WP7... Obviously RIM has somehow managed to protect themselves from such claims (or evade them?). But can a new player on the market do the same?

    1. bazza Silver badge

      Re: Daring move...

      "But the most risk is the liability aspect itself I think"

      Believe me, even the most trustworthy of software platforms comes with an EULA that absolves the authors of all responsibility in all circumstances for any faults whatsoever, despite what the glossy brochure says. Boeing will be no different.

      Anyway in this arena it's not the author's word you trust in the first place. You test the product yourself against whatever information security standard (e.g. FIPS) suits your needs, or accept the word of some other trusted authority (e.g. the government) that has already done that testing. The more stringent your security requirements the harder that is to come by.

  7. Yet Another Anonymous coward Silver badge

    Microsoft can't even afford lobbyists?

    I remember a few years ago when the NSA were developing a super secure version of Linux - it suddenly got canceled in favour of the American government being free to buy any of the wide range of commercial OSes available on PCs from a small patriotic company in Redmond.

    1. bazza Silver badge

      Re: Microsoft can't even afford lobbyists?

      The result of that effort was SE-Linux, such as you find bolted into Fedora, Redhat, etc. It's an extension to Linux that allows you to set and enforce security policies on a system.

      Most people's practical exposure to it is the annoying dialogue boxes that still pop up in Fedora saying that some badly thought out policy has been breached, usually by some other standard part of the OS / desktop / services. In my limited experience it has a propensity to call wolf a lot...

  8. Robert E A Harvey
    Big Brother

    Questionable management

    "this is probably the first time the company had got into the cellular phone business "

    Probably?

    He's the President of the company and he doesn't know for definite?

    What else are they doing he's not told them about?

    1. bazza Silver badge

      Re: Questionable management

      Does he know about the $10,000 toilet seats?!?!

  9. Peter Clarke 1
    Coat

    Boeing Fanboi to .....

    Apple Fanboi -'You only paid what? I wouldn't use that piece of cheap tat!'

  10. g e
    Holmes

    "won’t be a mass-market device"

    No shit, we wouldn't want Sally on the street being able to secure her private information from the State, now, would we.

    1. John 137
      Paris Hilton

      Re: "won’t be a mass-market device"

      Here's Sally's review on Amazon after purchasing the phone:

      "i bought the phone bcuz i heard you cant get viruses but now i cant install angry bards (its like angry birds but better!!!!!!!!) the phone keeps saying stuff like this software is not approved and that its malware. this phone sucks!!!!!!!1"

  11. Robert Heffernan
    Thumb Up

    The upside

    There is an upside here, Boeing will be able to pay the best in field security experts to harden android beyond all belief. Now while a lot of their work won't be of use to the mass market, such as military grade encryption, it's the hardening of the kernel and dalvik VM that will benefit everyone due to the open source nature of the OS. If Boeing's work is backported into the mainline repo, Android will suddenly become one of the most secure platforms out there.

    1. bazza Silver badge

      Re: The upside

      Any improvement to Android would definitely be most welcome. It is the most fragile (from a security point of view) of the platforms out there.

      As for putting improvements back in the mainline, well that's fine so long as no one else (i.e. Google) then goes and modifies it to add some hey-new-whizzy feature that undoes all of Boeing's hard work. And just because it's in the mainline doesn't mean to say that millions of users are going to benefit. No, I suspect Boeing are going to have to maintain their own fork of Android if they want to have a long lasting product line.

      It's quite clear that Google didn't do enough analysis of Android security in the first place, nor think about how it could be improved. Maybe they didn't have to - they're earning good money out of it as it is. We all know that Android, uniquely, cannot be auto-updated in the field by Google. Until they fix that Android is always going to be behind the security curve, or stuck in some slow moving fork created by outfits like Boeing.

      1. Charles 9

        Blame the operators.

        Most of the time, it's the operators who demanded control over the handsets (like they did in the feature phone days) and pretty much told Google "no control, no deal". So Google either had to play ball or cede control of the phone market to Apple, whose iPhone was in such incredible demand that Apple COULD dictate terms (IOW, Apple didn't come to the operators, they came to Apple).

  12. Robin Bradshaw
    Black Helicopters

    Once you strip away the fluff

    Once you strip away the fluff of this press release it will more than likely turn out that boeing has contracted to build some android handsets to the NSA's Project fishbowl standards

    http://www.nsa.gov/ia/programs/mobility_program/index.shtml

    Presumably based on the SE android kernel

    http://selinuxproject.org/page/SEAndroid

    So more than likely somewhere like foxconn is going to make handsets for boeing for peanuts, boeing will then load their secure android firmware on them and sell them to the government at a $10k markup.

    So business as usual all round!

  13. Daniel B.

    Oh well

    At least they aren't trying to push iCrap to the military. Though the NSA seems to be smart enough to know that putting iThingys as "secure" smartphones is a bad idea.

    Though if the feds REALLY want secure smartphones, why don't they simply get the Sectera Edge? Come on dudes!

  14. 007_007

    The Swiss already have it: http://www.youtube.com/watch?v=sZzYDN1MRb8

  15. Magnus_Pym

    Boeing chose Andriod?

    What else would they use? Apple wouldn't let them look at the source code. Microsoft certainly wouldn't, RIM aren't American so that's them out of the pork barrel that Boeing sups from. Maego, Maemo, Symbian, No future.

    So it's either Android or roll your own. So not so much chose as picked the only option.

This topic is closed for new posts.

Other stories you might like