from Hacker News

NSA code in Android

by KumarAseem on 7/16/13, 4:58 PM with 11 comments

• by jmillikin on 7/16/13, 5:16 PM

  The article starts out by claiming Windows's _NSAKEY[1] provides "backdoor access", then goes on to claim that Linux is compromised because SELinux[2] was originally developed by the NSA, and then concludes that porting SELinux to Android means that Android has been compromised.

  The author notes that all of the SELinux code is open-source, but appears to believe that the NSA is capable of writing backdoor code that eludes extensive auditing by the entire world's security community.

  In other words, this site is Timecube for techies.

  [1] http://en.wikipedia.org/wiki/NSAKEY

  [2] http://en.wikipedia.org/wiki/Security-Enhanced_Linux

• by Vivtek on 7/16/13, 5:11 PM

  This seems pretty alarmist to me. The code was peer-reviewed, and the NSA does actually have an interest in improving general security - and there are a lot of smart people there.

  I'd be a lot more concerned about the many instances of NSA contributing code we don't know about and can't inspect than I am about their contributing to open-source, which I consider a good thing.

• by patrickaljord on 7/16/13, 5:06 PM

  The guy doesn't seem to understand what open source means. Also, blog spam.

• by ceejayoz on 7/16/13, 5:12 PM

  One of the NSA's duties is enhancing US cybersecurity (to the point where only they can break into things, I'd imagine), so this is hardly surprising and not the "zomg conspiracy" crap this blog is pushing. Their "how to harden" guidelines (http://www.nsa.gov/ia/mitigation_guidance/security_configura...) have long been a trusted resource.

• by schrodingersCat on 7/16/13, 5:02 PM

  Okay, there's NSA code in android. Is it defacto a backdoor? my understanding was that SE-Linux was simply a configuration, not a special program. Could someone explain?

• by RyanZAG on 7/16/13, 5:12 PM

  Does not appear to be a backdoor or anything like that - it's standard security stuff to get Android certified as Blackberry is. If there is a backdoor, it's one incredibly complicated and well hidden one.

  Of course, there is not much doubt that anything you send through Google is going to be accessible to the NSA - eg, Google Play, Gmail, push notifications, etc. And if you're in the USA, anything you send through AT&T etc.

• by fudged71 on 7/16/13, 5:13 PM

  An opposite perspective on this: http://www.zdnet.com/why-you-shouldnt-worry-that-the-nsa-is-...

• by mtgx on 7/16/13, 5:08 PM

  It's code that was written in the open, that everyone knew about. It wasn't written in secret, and meant as a backdoor (you know, like with Skype, Outlook and Skydrive).