Security Against Who?
Posted Jan 18, 2012 22:19 UTC (Wed) by ldo
In reply to: NSA releases security-enhanced Android (The H)
Parent article: NSA releases security-enhanced Android (The H)
But given the choice of having my phone firmware "abused" by the carrier, and _abused_ by malicious software, I would pick the former every time.
That’s a stupid, specious dichotomy. As is well-known, you cannot “secure” a system against the person who legitimately owns that system and has physical access to it. SELinux doesn’t try to do that, and SEAndroid wouldn’t try to do that. The NSA, of all people, are well aware of such a limitation—after all, it is the reason that Digital Restrictions Management doesn’t work. In short, these security frameworks, like all security frameworks, are useless for vendors trying to lock you out of devices that you buy from them.
But of course, like a lot of people, the stupid vendors would have trouble grasping such a fine point. So I wouldn’t be surprised to see one or two of them try to use it for this very purpose.
to post comments)