[liberationtech] Recommended Software for Encrypted Blackberry Voice Calls
Nathan Freitas
nathan at freitas.net
Tue Jan 25 05:37:21 PST 2011
On 01/25/2011 08:19 AM, Thomas Lowenthal wrote:
> The problem with using Android devices for sensitive applications is that
> neither the phone nor the SD card can be effectively encrypted by the
> operating system.

While I agree that Blackberry has a generally excellent track record in
this area, to say that Android cannot provide the same level of security
is not true. If you want, and can afford, a turn-key enterprise/govt
grade mobile email and voice package, then yes, I agree Blackberry is a
great solution. I would just like to defend Android a bit here, and
ultimately defend the idea of open-source mobile platforms from a
security perspective.

The beauty of Android is that you are not dependent upon a
closed-source, commercial operating system to provide your security for
you in a "trust us" fashion. Nor are you dependent upon them to
admit/disclose, patch and release fixes for critical security features.
You can replace and upgrade any app, and even self patch the OS or build
and replace the entire OS firmware if necessary.

In addition, the security model of Android is well known, as it employs
the same type of user-based data sandboxing as Linux. Applications such
as TextSecure and Redphone (both by WhisperSystems) employ
application-level data encryption to secure keys, contacts, messages and
more, using known encryption packages and standards.

The Guardian Project team has ported SQLCipher (http://sqlcipher.net/),
an open-source layer for SQLite that employs AES 256-bit encryption.
This can easily be added into any application to safeguard data at the
app level. You can find the source of our port now
(https://github.com/eighthave/sqlcipher), and we plan to release a
documented developer toolkit in February.

In addition, we are nearly ready to release an early, but working
capability to support LUKS disk encryption
(http://code.google.com/p/cryptsetup/) on both the user data and sdcard
storage area of Android. LUKS is the same encryption I use in Ubuntu,
and the work we have done (built upon the great work of others in the
open-source mobile community) is simply cross-compiling the same source
to Android. We can issue updates and fixes as LUKS itself is updated.

I could go on about the numerous open-source security packages we are
able to reliably port to Android. Again it all comes down to what you
and your users need, and we are feverishly working to provide a great
user experience for secure Android devices. Regardless, from a technical
perspective, the security model for Android is just as capable and
complete as any other platform, and significantly more sustainable and
transparent.

Best,
Nathan
https://guardianproject.info