NSA code in Android

The article starts out by claiming Windows&#x27;s _NSAKEY[1] provides &quot;backdoor access&quot;, then goes on to claim that Linux is compromised because SELinux[2] was originally developed by the NSA, and then concludes that porting SELinux to Android means that Android has been compromised.<p>The author notes that all of the SELinux code is open-source, but appears to believe that the NSA is capable of writing backdoor code that eludes extensive auditing by the entire world&#x27;s security community.<p>In other words, this site is Timecube for techies.<p>[1] <a href="http://en.wikipedia.org/wiki/NSAKEY" rel="nofollow">http:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;NSAKEY</a><p>[2] <a href="http://en.wikipedia.org/wiki/Security-Enhanced_Linux" rel="nofollow">http:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Security-Enhanced_Linux</a>

This seems pretty alarmist to me. The code was peer-reviewed, and the NSA does actually have an interest in improving general security - and there are a lot of smart people there.<p>I&#x27;d be a lot more concerned about the many instances of NSA contributing code we don&#x27;t know about and can&#x27;t inspect than I am about their contributing to open-source, which I consider a good thing.

The guy doesn&#x27;t seem to understand what open source means. Also, blog spam.

One of the NSA&#x27;s duties is enhancing US cybersecurity (to the point where only they can break into things, I&#x27;d imagine), so this is hardly surprising and not the &quot;zomg conspiracy&quot; crap this blog is pushing. Their &quot;how to harden&quot; guidelines (<a href="http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml" rel="nofollow">http:&#x2F;&#x2F;www.nsa.gov&#x2F;ia&#x2F;mitigation_guidance&#x2F;security_configura...</a>) have long been a trusted resource.

Okay, there&#x27;s NSA code in android. Is it defacto a backdoor? my understanding was that SE-Linux was simply a configuration, not a special program. Could someone explain?

Does not appear to be a backdoor or anything like that - it&#x27;s standard security stuff to get Android certified as Blackberry is. If there is a backdoor, it&#x27;s one incredibly complicated and well hidden one.<p>Of course, there is not much doubt that anything you send through Google is going to be accessible to the NSA - eg, Google Play, Gmail, push notifications, etc. And if you&#x27;re in the USA, anything you send through AT&amp;T etc.

An opposite perspective on this: <a href="http://www.zdnet.com/why-you-shouldnt-worry-that-the-nsa-is-inside-androids-code-7000018040/" rel="nofollow">http:&#x2F;&#x2F;www.zdnet.com&#x2F;why-you-shouldnt-worry-that-the-nsa-is-...</a>

It&#x27;s code that was written in the open, that everyone knew about. It wasn&#x27;t written in <i>secret</i>, and meant as a backdoor (you know, like with Skype, Outlook and Skydrive).