
How is that news?
SCNR
The US Department of Defense has been rapped by the Pentagon's Office of the Inspector General for what amounts to pretty pisspoor management of government-issued smartphones. While Uncle Sam slowly wakes up to the fact there are mobile applications out there, like TikTok, that have privacy and security implications if …
Is an abomination IMO.
The Web has been built on principles of security. You wouldn't give a website access to your hard disk contents. (We all dumped ActiveX, Java and Flash into the incinerator of terrible security design..) You wouldn't download an EXE and run it.. Would you?
Yet, with so many Apps, that's exactly what we do.
Why the hell does Spotify need access to shared storage? Why (on most Android/Apple phones) can't I even see/control what files are being accessed?
Any "Secure, government issue" phone should be blocked from installing any "apps" whatsoever, past the stock selection issued by the IT department. If it were up to me, the ROM would remain just that: Read-only.
Er, sorry, but how much do people pay Spotify? It's about £8-£15 per month or the cost of buying one hardcopy album per month. And how much do they pay out to artists? Fractions of a penny. Why should they also get to sell my data? I pick on Spotify because I noticed yesterday that it has a 0/10 privacy rating on Exodus.
Paid-for apps still sell your data. Even Microsoft Authenticator apparently wants access to my SD card. Why? If a company is paying for Microsoft services, that shouldn't give them carte-blanche to data-mine that company and all its employees.
But yes what you say is true for things like TikTok and MetaFace - but those things need to be banned / launched into the sun in general, never mind just from government/corporate phones. Friends shouldn't let friends use Facebook.
Yeah. Thesis: "The Web has been built on principles of security". Counterarguments: Javascript. HTTP Basic Authentication. Every single page on owasp.org. Most of the CWE Top 25, in particular #2 and #9, which are specific to the web.
Web applications are a fucking security nightmare.
That said, mobile apps are also a fucking security nightmare.
Exactly the same as every other government department I have worked for or with.
Lots of talk about 'securing devices', but then people (usually senior people) complain that IT are 'too restrictive' in their approach and/or use their home/personal device for work.
again and again
if someone can download it - they will
The only thing that works (from a security PoV) is to block the download/install access - which doesn't work from a social/political PoV.
'Twas ever thus.
There's plenty of ways to lock down phones. *
In the case of work phones provided by an employer, the employer just needs to go ahead & lock them down as tight as they want.
Relying on people to "do the right thing" will fail as people are fallible, if a proscribed app can be installed, someone will install it.
* Yes, there are ways to workaround some common lockdown methods on android (not an iPhone user so cannot comment on those), but then that takes the users who did that workaround into a whole different misconduct zone than someone who downloads a "dodgy app" because there is nothing preventing them.
The simplest 'workaround' is to have a second phone... which still doesn't help with security when the user stops using their official phone unless they really have to and carries out official business on their second phone because it doesn't present them with all the hassle of restrictions
And then someone with weight to swing around demands that their device be unlocked so they can use it properly. Others want the same when they hear about it. Pretty soon you're operating at least three levels of access permissions across the organisation, and support is that much harder. I can understand wanting to skip that.
There is a simple solution to this: stop handing out phones that have zero protection in place.
It's not only the Government, but it's the Department of Defense. If there is one institution in a country where you don't fool around, it's there.
The DOD should have software that locks the phones it gives out to only a set of applications. The Play Store should not be part of that set.
But of course, that means having actually thought about and planned something before handing out unsafe platforms, but hey, it's not like the DoD is in charge of the security of an entire nation.
Oh, wait . . .
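The point made twice above (a proscribed app will be installed if nothing prevents it, and the fix is to restrict the device to a fixed set of applications) comes down to denylist versus allowlist policy. The example below is added here and is not code from the thread or from any MDM product; the policy structure, package names and device inventories are constructed placeholders, not real MDM API fields. It audits a small fleet under both policy styles and shows why the denylist misses an app that nobody has listed yet while the allowlist catches it.

```python
"""Allowlist vs denylist app-policy audit for a managed phone fleet.

Added example; all package names, device ids and the Policy shape are
constructed for illustration and do not correspond to a real MDM schema.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    mode: str            # "allowlist" or "denylist" (hypothetical field names)
    packages: frozenset  # the listed package names


def violations(policy: Policy, installed: set[str]) -> set[str]:
    """Return the installed packages that breach the policy on one device."""
    if policy.mode == "allowlist":
        # Anything outside the IT-issued stock set is a violation, listed or not.
        return installed - policy.packages
    if policy.mode == "denylist":
        # Only packages someone has already thought to ban are caught.
        return installed & policy.packages
    raise ValueError(f"unknown policy mode {policy.mode!r}")


def audit(policy: Policy, devices: dict[str, set[str]]) -> dict[str, set[str]]:
    """Map each non-compliant device id to its violating packages."""
    return {
        dev: bad
        for dev, pkgs in devices.items()
        if (bad := violations(policy, pkgs))
    }


# Constructed stock set issued by the IT department.
STOCK = frozenset({"com.example.mail", "com.example.authenticator", "com.example.vpn"})

# Denylist: only the one app that has already made the news.
DENYLIST = Policy("denylist", frozenset({"com.example.shortvideo"}))

# Allowlist: the stock set and nothing else (the "read-only ROM" stance).
ALLOWLIST = Policy("allowlist", STOCK)

# Constructed device inventories: a clean phone, one with the known-bad app,
# and one with an app that has not been assessed by anyone yet.
DEVICES = {
    "phone-001": set(STOCK),
    "phone-002": set(STOCK) | {"com.example.shortvideo"},
    "phone-003": set(STOCK) | {"com.example.yachtmarket"},
}


if __name__ == "__main__":
    for name, pol in (("denylist", DENYLIST), ("allowlist", ALLOWLIST)):
        print(f"{name}: {audit(pol, DEVICES)}")
```

Under the denylist only phone-002 is flagged; phone-003's unlisted app passes because nobody had banned it. Under the allowlist both phone-002 and phone-003 are flagged, which is the behaviour a locked-down, stock-only device gives by construction.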
What sort of nouveau-riche clod buys his (or her, but I'm guessing it's his) luxury yachts using an app? That alone should be a firing offense, on the grounds of an utter lack of taste. And the buyer and seller should be kicked out of the country club. And the yachts in question should be holed below the waterline.
Kids these days.