

NSA code in Android - KumarAseem
http://worldtruth.tv/the-nsa-has-inserted-its-code-into-android-os-or-three-quarters-of-all-smartphones/

======
jmillikin
The article starts out by claiming Windows's _NSAKEY[1] provides "backdoor
access", then goes on to claim that Linux is compromised because SELinux[2]
was originally developed by the NSA, and then concludes that porting SELinux
to Android means that Android has been compromised.

The author notes that all of the SELinux code is open-source, but appears to
believe that the NSA is capable of writing backdoor code that eludes extensive
auditing by the entire world's security community.

In other words, this site is Timecube for techies.

[1] [http://en.wikipedia.org/wiki/NSAKEY](http://en.wikipedia.org/wiki/NSAKEY)

[2] [http://en.wikipedia.org/wiki/Security-Enhanced_Linux](http://en.wikipedia.org/wiki/Security-Enhanced_Linux)

------
Vivtek
This seems pretty alarmist to me. The code was peer-reviewed, and the NSA does
actually have an interest in improving general security - and there are a lot
of smart people there.

I'd be a lot more concerned about the many instances of NSA contributing code
we don't know about and can't inspect than I am about their contributing to
open-source, which I consider a good thing.

------
patrickaljord
The guy doesn't seem to understand what open source means. Also, blog spam.

------
ceejayoz
One of the NSA's duties is enhancing US cybersecurity (to the point where only
they can break into things, I'd imagine), so this is hardly surprising and not
the "zomg conspiracy" crap this blog is pushing. Their "how to harden"
guidelines
([http://www.nsa.gov/ia/mitigation_guidance/security_configura...](http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml))
have long been a trusted resource.

------
schrodingersCat
Okay, there's NSA code in Android. Is it de facto a backdoor? My understanding
was that SE-Linux was simply a configuration, not a special program. Could
someone explain?

~~~
gizmo686
The way I read the article, it sounds like the NSA commits code like any other
contributor. If I had the time, I would look at the commit log and mailing
lists to see exactly what they did.

If not for the fact that "NSA=big brother" is a trending story outside of
highly techy circles, I would think this article was a piece of satire. Even
its main point that it can quote them saying the NSA's code tries to be
invisible to apps and users doesn't mean anything, because, that is the point,
to transparently offer increased security without inconveniencing everyone.

If the NSA wanted to slip a back door into the kernel, they would do something
much more sneaky, such that it looks like an innocent mistake in some random
part of the code.

~~~
krapp
They cite NSAKEY as a qualifying example of an NSA software backdoor... am I
ignorant and/or naive or has it never actually been proven that that's what it
was?

------
RyanZAG
Does not appear to be a backdoor or anything like that - it's standard
security stuff to get Android certified as Blackberry is. If there is a
backdoor, it's one incredibly complicated and well hidden one.

Of course, there is not much doubt that anything you send through Google is
going to be accessible to the NSA - eg, Google Play, Gmail, push
notifications, etc. And if you're in the USA, anything you send through AT&T
etc.

------
fudged71
An opposite perspective on this: [http://www.zdnet.com/why-you-shouldnt-worry-that-the-nsa-is-...](http://www.zdnet.com/why-you-shouldnt-worry-that-the-nsa-is-inside-androids-code-7000018040/)

~~~
KumarAseem
After reading a lot of other people's comments on all the aspects of trusting
open source or not, I do believe now that even if something is open source, it
does not mean it should be trusted by default. I am sure (could be wrong) that a
lot of code in Linux (shell & apps) would have never been peer reviewed or
peer reviewed but by those who are not extremely good at understanding how
things are hidden.

After all NSA has some of the brightest minds on its payroll and those guys
sure know computers better than some people know the back of their hands.

But do the non-tech users and tech users (who are not great at programming)
have a choice? We have to use what is available in the market if we want to
use computers.

------
mtgx
It's code that was written in the open, that everyone knew about. It wasn't
written in _secret_, and meant as a backdoor (you know, like with Skype,
Outlook and Skydrive).

