Google Launches Business-Focused 'Android For Work'

Status
Not open for further replies.

smeezekitty

Distinguished
"Additionally, any device running Android 5.0 Lollipop with Google for Work also gets enhanced SELinux security and multi-user support."

And which Governmental entity developed the code for SELinux again?
No thanks.
 

digitalvampire

Distinguished
Jan 28, 2010
44
0
18,530
0
"Additionally, any device running Android 5.0 Lollipop with Google for Work also gets enhanced SELinux security and multi-user support."

And which Governmental entity developed the code for SELinux again?
No thanks.
The code has, of course, been vetted and doesn't do anything it's not supposed to. Being free/open source software (GPL), anyone can go and check it at any time to make sure. It's also incredibly easy to check to see if what you end up running is different from the (legally required) supplied code. I'd normally have your same caution, but it's not needed in this case.
 

ethanolson

Distinguished
Jun 25, 2009
318
0
18,780
0
With a name of "digitalvampire" I think we may have a suspicion as to who you work for.

Also, SELinux has been in mainline code since Kernal 2.6. Why hasn't it been put in Android long ago?
 

digitalvampire

Distinguished
Jan 28, 2010
44
0
18,530
0
With a name of "digitalvampire" I think we may have a suspicion as to who you work for.

Also, SELinux has been in mainline code since Kernal 2.6. Why hasn't it been put in Android long ago?
I hate my name honestly, just never went back to change it. Haha. And I'm a college student (Electrical/Computer Engineering) and F/OSS developer in my spare time. As for why it hasn't been included, I can give two good reasons off the top of my head, but I'm sure there are more.

1) SELinux is very strict and is often considered overkill on security. So much so that people often just disable it on their home distributions. I did for years, but I don't anymore. I imagine this is why they are only enabling it on their Business version (where more sensitive data is often kept/transmitted) vs the regular version (where cat pictures tend to take precedence).

2) There is also a small performance penalty for using it. While it is not noticeable on a desktop or laptop, it could actually be a pain on a phone or tablet.
 

smeezekitty

Distinguished

That's not a sure thing. A backdoor can be written to be subtle and difficult to notice.

Regardless, I always compile my kernels without SELinux support. It is a massive useless nuisance at best
and potentially a backdoor at worst.
 

bit_user

Splendid
Ambassador
This logic is pretty suspect. SELinux closes many potential attack vectors, which are much more likely to be involved in any exploit against you than a hypothetical backdoor or two that it might open.

Now, as for the inconvenience and possible performance impact, I think those are valid reasons not to use it (I don't).

FWIW, I'm worried about NSA surveillance in general, but not of me, specifically. I worry about things like its potential misuse by unaccountable bureaucrats and political operatives. If Watergate happened in 2015, we'd probably never hear about it. That said, SELinux doesn't top my list of concerns and I feel it's probably no more exploitable than anything else Google might use.
 
Status
Not open for further replies.

ASK THE COMMUNITY