The DoD is committing to Android as a platform in a massive way. Apps 4 Army is a key example. The push is so large and widespread that I think it will force the whole US Gov't along with it. Everyone from political leaders, to soldiers, to doctors at VA hospitals, to employees at defense contractors, will be required to use Android because of government security certifications and custom apps. There's a good chance that Android will become the very dominant winner in the mobile platform space because of this.
Summary -<p>The US navy wants to use (near) commercial android devices. These might be used to display confidential reports (as in a normal buisness), but may also be used to control the ship.<p>The navy already have secure versions of Linux and Windows, and want something similar for android.<p>This will take the form of additional security layers, similar to the ones the NSA did for Linux[1].<p>Some of them will be made commercially available, hopefully increasing security to the whole platform. If this included e.g. application sandboxing, you can see that it would be of general interest, particularly to people with similar needs (Android based control terminal for a power station, or sys admin wants to roll out policy to coorp devices).<p>Android is becoming the default embedded OS for a lot of UI, so it's really nice to see this.<p>[1]<a href="http://en.wikipedia.org/wiki/Security-Enhanced_Linux" rel="nofollow">http://en.wikipedia.org/wiki/Security-Enhanced_Linux</a>
I found it interesting that they specifically called out use on Virginia-class submarines. As a former submarine officer myself, there certainly are <i>some</i> applications on board where this would certainly make sense. (Not in the engine room operationally, but in other areas definitely.)
The fact that this project is "focused on reducing the impact of short life cycles for commercial mobile devices" excites me as I'm sure many folks dislike how quickly technology grows obsolete and stale when you just bought a new phone and a new one comes out a few weeks later. That being said, security of mobile devices is an increasingly important issue as we become more and more reliant on information connectivity for our daily lives.<p>I would be curious to hear the results of Phase I and of course look at the framework they use to extend the Android OS.<p>Why not try to commit the Security extensions into the Android project?
The Navy has an SBIR solicitation out for this topic, but it does not necessarily mean that it is going to put up $1MM. Phase I funding is small (less than $100k per award) and sometimes no Phase II contracts are awarded for a topic. Of course, the Navy could also spend much more than $1MM if they decide to fund multiple Phase IIs (also not uncommon). It really depends on the results they see during Phase I and the importance of the topic compared to other funding opportunities.
Raise of android-based embedded devices is coming.
Android already ate ~70% of selling smartphones and now spreading to non-phone areas, like car systems, fridges, cash machines and so on.
I really hope android will become even more secure in next few years. Otherwise ... imagine it by ourselves
Why doesn't Google apply? :) They get $1 million to improve Android security - and they can just do it and integrate it into the next release for everyone!
This comes hot off the heels of the ACLU filing a FTC complaint about lack of security: <a href="http://www.aclu.org/blog/technology-and-liberty/aclu-files-ftc-complaint-over-android-smartphone-security" rel="nofollow">http://www.aclu.org/blog/technology-and-liberty/aclu-files-f...</a> Interesting that where the market and the FTC fails to act, the Navy finds it necessary to pick up the slack.
Can anybody comment on how the Navy restriction to US citizens only developing this plays into the FOSS ecosystem of Android? I assume most of it is GPLv2, so isn't this immaterial? Why would it matter when the code is completely FOSS?
Seems like a great idea. I expect most of their contributions will make it back to open source via AOSP, and people will be able to run their own secure non-proprietary versions of Android.
The whole device hardware and software needs to be certified. It is hard to make a secure piece of software and prove it so if the hardware or firmware it is running on is compromised.
For all of you Flipper fanatics, I found a gem of a funding source "To develop probiotic pharmaceuticals to treat and prevent gastrointestinal disease in dolphins and improve their health through the utilization of indigenous commensal microbes of these marine mammals." <a href="https://sbirsource.com/grantiq#/topics/87793" rel="nofollow">https://sbirsource.com/grantiq#/topics/87793</a> . Big money to solve these big problems: <a href="http://www.youtube.com/watch?v=6S6PPKUDGfc" rel="nofollow">http://www.youtube.com/watch?v=6S6PPKUDGfc</a>