The Pentagon is shockingly bad at managing its employee smartphones

The US Department of Defense has been rapped by the Pentagon's Office of the Inspector General for what amounts to pretty piss-poor management of government-issued smartphones. While Uncle Sam slowly wakes up to the fact there are mobile applications out there, like TikTok, that have privacy and security implications if …

  1. Evil Auditor Silver badge

    How is that news?

    SCNR

    1. Yet Another Anonymous coward Silver badge

      > communication applications that have been exploited by violent extremists

      Like the mail, I believe that this may have been used in organising the original colonial treason

      1. An_Old_Dog Silver badge

        The Pentagon Mindset is Like Schroedinger's Cat

        It simultaneously does, and does not, understand the meaning of the phrase, "dual use."

  2. ecofeco Silver badge

    I'm not surprised

    I once worked on a regional government mobile phone deployment. Several thousand phones.

    I will never, ever make that mistake again.

  3. cyberdemon Silver badge

    The entire App model

    Is an abomination IMO.

    The Web has been built on principles of security. You wouldn't give a website access to your hard disk contents. (We all dumped ActiveX, Java and Flash into the incinerator of terrible security design.) You wouldn't download an EXE and run it... Would you?

    Yet, with so many Apps, that's exactly what we do.

    Why the hell does Spotify need access to shared storage? Why (on most Android/Apple phones) can't I even see/control what files are being accessed?

    Any "Secure, government issue" phone should be blocked from installing any "apps" whatsoever, past the stock selection issued by the IT department. If it were up to me, the ROM would remain just that: Read-only.

    1. Yet Another Anonymous coward Silver badge

      Re: The entire App model

      Because without harvesting your contacts, movements and web traffic they have no data to sell to fund their operations.

      It's not like anyone is going to pay for software.

      1. cyberdemon Silver badge

        Re: The entire App model

        Er, sorry, but how much do people pay Spotify? It's about £8-£15 per month, or the cost of buying one hardcopy album per month. And how much do they pay out to artists? Fractions of a penny. Why should they also get to sell my data? I pick on Spotify because I noticed yesterday that it has a 0/10 privacy rating on Exodus.

        Paid-for apps still sell your data. Even Microsoft Authenticator apparently wants access to my SD card. Why? If a company is paying for Microsoft services, that shouldn't give them carte-blanche to data-mine that company and all its employees.

        But yes what you say is true for things like TikTok and MetaFace - but those things need to be banned / launched into the sun in general, never mind just from government/corporate phones. Friends shouldn't let friends use Facebook.

    2. David Nash

      Re: The entire App model

      "The Web has been built on principles of security" - Really? It looks to me as if it's had security added on as an afterthought, with many lessons learned along the way.

      1. Michael Wojcik Silver badge

        Re: The entire App model

        Yeah. Thesis: "The Web has been built on principles of security". Counterarguments: Javascript. HTTP Basic Authentication. Every single page on owasp.org. Most of the CWE Top 25, in particular #2 and #9, which are specific to the web.

        Web applications are a fucking security nightmare.

        That said, mobile apps are also a fucking security nightmare.

  4. Yet Another Anonymous coward Silver badge

    Moscow rules

    In the old days George Smiley would have to drop a microfilm of him doing a TikTok dance in a hollowed-out tree on Hampstead Heath, and all the other spies would have to queue up to retrieve it.

  5. scubaal

    same old same old

    exactly the same as every other government department I have worked for or with.

    lots of talk about 'securing devices' but then people (usually senior people) complain that IT are 'too restrictive' in their approach and/or use their home/personal device for work

    again and again

    if someone can download it - they will

    only thing that works (from a security PoV) is to block the download/install access - which doesn't work from a social/political PoV

    twas ever thus

  6. Potemkine! Silver badge

    Pr0n, Pr0n and more Pr0n.

    And Chinese apps too.

    Sweet.

  7. tiggity Silver badge

    I never understand this

    There's plenty of ways to lock down phones. *

    In the case of work phones provided by employer then employer just needs to go ahead & lock them down as tight as they want.

    Relying on people to "do the right thing" will fail as people are fallible, if a proscribed app can be installed, someone will install it.

    * Yes, there are ways to work around some common lockdown methods on Android (not an iPhone user so cannot comment on those), but then that takes the users who did that workaround into a whole different misconduct zone than someone who downloads a "dodgy app" because there is nothing preventing them.

    1. Anonymous Coward

      Re: I never understand this

      The simplest 'workaround' is to have a second phone... which still doesn't help with security when the user stops using their official phone unless they really have to, and carries out official business on their second phone because it doesn't present them with all the hassle of restrictions.

    2. AVR

      Re: I never understand this

      And then someone with weight to swing around demands that their device be unlocked so they can use it properly. Others want the same when they hear about it. Pretty soon you're operating at least three levels of access permissions across the organisation, and support is that much harder. I can understand wanting to skip that.

  8. Pascal Monett Silver badge

    Government phone lockdown

    There is a simple solution to this: stop handing out phones that have zero protection in place.

    It's not only the Government, but it's the Department of Defense. If there is one institution in a country where you don't fool around, it's there.

    The DOD should have software that locks the phones it gives out to only a set of applications. The Play Store should not be part of that set.

    But of course, that means having actually thought about and planned something before handing out unsafe platforms, but hey, it's not like the DoD is in charge of the security of an entire nation.

    Oh, wait . . .

  9. Michael Wojcik Silver badge

    "luxury yacht dealer applications"?

    What sort of nouveau-riche clod buys his (or her, but I'm guessing it's his) luxury yachts using an app? That alone should be a firing offense, on the grounds of an utter lack of taste. And the buyer and seller should be kicked out of the country club. And the yachts in question should be holed below the waterline.

    Kids these days.

  10. RobThBay

    Just wondering if things (phones & tablets) were more secure in the "old days" when the governments were using Blackberry devices and backend systems that were designed with security in mind?

    1. DeathSquid

      Blackberry were cheerfully handing everyone's data to the NSA. And there is no suggestion whatsoever that the data was used to advantage US companies.
