Are federal agencies moving too quickly to adopt Android?

Editor's note: This story has been modified to clarify the authorship of a GovLoop post that it cites.

The popular Android operating system now powers many smartphones, and other handheld devices such as Amazon's new Kindle Fire, making its presence in federal agencies likely. But A former chief technologist at the Defense Intelligence Agency is sounding an alarm warning that Android’s security vulnerabilities should cause government agencies to think twice before adopting the platform.

Technology analyst Bryan Halfpap at raised the concern in a blog post on GovLoop, detailing the problems security researchers have uncovered with Android. (Due to a peculiarity of the RSS feed, the post appears to be by Bob Gourley, former CTO at DIA and currently CTO at Crucial Point LLC, but a comment from Gourley clarifies the authorship.)

Related story:

Secure Android 'kernel' could make for classified phones

“There are some very serious security issues with this platform,” Halfpap wrote. “They are so serious the government should think twice before rushing to Android as a most favored mobile platform. In fact, a case can be built that it should be excluded from government use unless guidelines are followed in order to mitigate the issues.”

According to the post, security researchers have found that “nearly all” of Android’s security features have exploits or bypasses. Some, such as the application permissions model, could need “significant overhauls in order to maintain security."

“Android may be the most common, most easily extendable platform, but with its security concerns, very careful planning is recommended so that mistakes aren’t made in its deployment,” Halfpap warned.

But despite the cautionary advice on Android security, several federal agencies are moving forward on enterprise mobile deployments.

Los Angeles National Laboratory has developed use cases for Blackberry, Android and iPhone mobile enterprise deployments. Anil Karmel, solutions architect at Los Alamos, made a presentation at FOSE on those programs earlier this year. Key drivers of smartphone applications for workers include rapid innovation and demand for mobility, while malware is a key concern, Karmel said.

Several industry sources also are more optimistic about Android’s future in government.

“Android is not as secure (as other mobile platforms) but it can be dealt with,” said Tom Suder, founder of MobileGov, a company developing mobile solutions for government agencies. “People like Android, and there are ways to deal with the security issues.”

Another industry source was skeptical of Halfpap’s argument that federal agencies are moving too fast on Android. “The feds do not move too fast on anything,” the source said, adding that security consultants’ advice on security tends to be self-serving by nature.

Google and the National Security Agency currently are working to make Android much more secure. The search giant and the federal agency have developed a hardened kernel for the Android 3.0 operating system, which could help accelerate wider use of smartphones in the military,

Also, at the General Services Administration, security of mobile platforms is an issue that arises in the ongoing debate on whether it is preferable that agencies develop “native” mobile applications—applications specifically made for iPhone, Android or other platforms—or whether they should create mobile websites that can be accessed by all platforms.

For example, the Transportation Security Administration developed its MyTSA application for the iPhone, while the National Weather Service for several years has maintained a website designed for all mobile platforms.

About the Authors

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Camille Tuutti is a former FCW staff writer who covered federal oversight and the workforce.

Nominate Today!

Nominations for the 2018 Federal 100 Awards are now being accepted, and are due by Dec. 23. 


Reader comments

Wed, Dec 28, 2011 Bill

Lest you not forget that ALL APPLE products are made in China. Regardless of patents, wealth etc., what vulnerabilities are there when a hacktivist nation like China can insert whatever into every APPLE device?

Tue, Dec 13, 2011 R.D. MD, USA

The solution is iPhone as it has worked well for corporate Apple secrets and since it does not have adobe flash and its vulnerabilities, Apple gives free developer tools, an app store selling account is $99 a year, iOS is a component of open source BSD Unix, Apple owns the touch screen patents (unlike android who may loose use rights soon), Apple is a wholly owned US based company both software and hardware and the wealthist company in the world, what is the anality of the DA on going with the best device for our soldiers? Oh and did I mention iPad, porting from iPhone to iPad is a no brainer!

Mon, Dec 12, 2011 Bob Gourley

Friends, Thanks much for spreading the word on this. But to clarify, the post was written by security researcher Bryan Halfpap at Thanks! Bob

Mon, Dec 12, 2011

We cannot allow "Open", that is just too... communist... We need to have a good American Corporation controlling ALL of our tablet usage. We can trust ONE Corporation to take care of us, to know what is best for us.

Fri, Dec 9, 2011 Mike

Of course, secure with all apps controlled by Apple and impossible user control, otherwise it will be terrible device :):)

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group