Google Launches Business-Focused 'Android For Work'

[Guest]

The program will feature work profiles that are installed on your personal device, but IT can only view the work profile, keeping your personal data safe from prying eyes.

Google Launches Business-Focused 'Android For Work' : Read more

 

[smeezekitty]

"Additionally, any device running Android 5.0 Lollipop with Google for Work also gets enhanced SELinux security and multi-user support."

And which Governmental entity developed the code for SELinux again?
No thanks.

 

[tomfreak]

business focus on windows 10 ecosystem.

 

[digitalvampire]

"Additionally, any device running Android 5.0 Lollipop with Google for Work also gets enhanced SELinux security and multi-user support."

And which Governmental entity developed the code for SELinux again?
No thanks.

The code has, of course, been vetted and doesn't do anything it's not supposed to. Being free/open source software (GPL), anyone can go and check it at any time to make sure. It's also incredibly easy to check to see if what you end up running is different from the (legally required) supplied code. I'd normally have your same caution, but it's not needed in this case.

 

[ethanolson]

With a name of "digitalvampire" I think we may have a suspicion as to who you work for.

Also, SELinux has been in mainline code since Kernal 2.6. Why hasn't it been put in Android long ago?

 

[digitalvampire]

With a name of "digitalvampire" I think we may have a suspicion as to who you work for.

Also, SELinux has been in mainline code since Kernal 2.6. Why hasn't it been put in Android long ago?

I hate my name honestly, just never went back to change it. Haha. And I'm a college student (Electrical/Computer Engineering) and F/OSS developer in my spare time. As for why it hasn't been included, I can give two good reasons off the top of my head, but I'm sure there are more.

1) SELinux is very strict and is often considered overkill on security. So much so that people often just disable it on their home distributions. I did for years, but I don't anymore. I imagine this is why they are only enabling it on their Business version (where more sensitive data is often kept/transmitted) vs the regular version (where cat pictures tend to take precedence).

2) There is also a small performance penalty for using it. While it is not noticeable on a desktop or laptop, it could actually be a pain on a phone or tablet.

 

[smeezekitty]

"Additionally, any device running Android 5.0 Lollipop with Google for Work also gets enhanced SELinux security and multi-user support."

And which Governmental entity developed the code for SELinux again?
No thanks.

The code has, of course, been vetted and doesn't do anything it's not supposed to. Being free/open source software (GPL), anyone can go and check it at any time to make sure. It's also incredibly easy to check to see if what you end up running is different from the (legally required) supplied code. I'd normally have your same caution, but it's not needed in this case.

That's not a sure thing. A backdoor can be written to be subtle and difficult to notice.

Regardless, I always compile my kernels without SELinux support. It is a massive useless nuisance at best
and potentially a backdoor at worst.

 

[bit_user]

That's not a sure thing. A backdoor can be written to be subtle and difficult to notice.

This logic is pretty suspect. SELinux closes many potential attack vectors, which are much more likely to be involved in any exploit against you than a hypothetical backdoor or two that it might open.

Now, as for the inconvenience and possible performance impact, I think those are valid reasons not to use it (I don't).

FWIW, I'm worried about NSA surveillance in general, but not of me, specifically. I worry about things like its potential misuse by unaccountable bureaucrats and political operatives. If Watergate happened in 2015, we'd probably never hear about it. That said, SELinux doesn't top my list of concerns and I feel it's probably no more exploitable than anything else Google might use.