Are federal agencies moving too quickly to adopt Android?

Editor's note: This story has been modified to clarify the authorship of a GovLoop post that it cites.

The popular Android operating system now powers many smartphones and other handheld devices, such as Amazon's new Kindle Fire, making its presence in federal agencies likely. But a former chief technologist at the Defense Intelligence Agency is sounding an alarm, warning that Android’s security vulnerabilities should cause government agencies to think twice before adopting the platform.

Technology analyst Bryan Halfpap at CTOvision.com raised the concern in a blog post on GovLoop, detailing the problems security researchers have uncovered with Android. (Due to a peculiarity of the RSS feed, the post appears to be by Bob Gourley, former CTO at DIA and currently CTO at Crucial Point LLC, but a comment from Gourley clarifies the authorship.)




“There are some very serious security issues with this platform,” Halfpap wrote. “They are so serious the government should think twice before rushing to Android as a most favored mobile platform. In fact, a case can be built that it should be excluded from government use unless guidelines are followed in order to mitigate the issues.”

According to the post, security researchers have found that “nearly all” of Android’s security features have exploits or bypasses. Some, such as the application permissions model, could need “significant overhauls in order to maintain security.”

“Android may be the most common, most easily extendable platform, but with its security concerns, very careful planning is recommended so that mistakes aren’t made in its deployment,” Halfpap warned.

But despite the cautionary advice on Android security, several federal agencies are moving forward on enterprise mobile deployments.

Los Angeles National Laboratory has developed use cases for BlackBerry, Android and iPhone mobile enterprise deployments. Anil Karmel, solutions architect at Los Alamos, made a presentation at FOSE on those programs earlier this year. Key drivers of smartphone applications for workers include rapid innovation and demand for mobility, while malware is a key concern, Karmel said.

Several industry sources also are more optimistic about Android’s future in government.

“Android is not as secure (as other mobile platforms) but it can be dealt with,” said Tom Suder, founder of MobileGov, a company developing mobile solutions for government agencies. “People like Android, and there are ways to deal with the security issues.”

Another industry source was skeptical of Halfpap’s argument that federal agencies are moving too fast on Android. “The feds do not move too fast on anything,” the source said, adding that security consultants’ advice on security tends to be self-serving by nature.

Google and the National Security Agency currently are working to make Android much more secure. The search giant and the federal agency have developed a hardened kernel for the Android 3.0 operating system, which could help accelerate wider use of smartphones in the military,

Also, at the General Services Administration, security of mobile platforms is an issue that arises in the ongoing debate on whether it is preferable that agencies develop “native” mobile applications—applications specifically made for iPhone, Android or other platforms—or whether they should create mobile websites that can be accessed by all platforms.

For example, the Transportation Security Administration developed its MyTSA application for the iPhone, while the National Weather Service for several years has maintained a website designed for all mobile platforms.

About the Authors

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Camille Tuutti is a former FCW staff writer who covered federal oversight and the workforce.
