The smartphone in your pocket is much more than a source of productivity and (productivity-killing) fun. As portable surveillance devices, smartphones are one of the biggest internal attack vectors today. But people working in defense and intelligence still need the chance to enjoy the productivity gains smartphones can bring without the accompanying risk.
A Goal in Contradiction to Mobile Phones’ Origin
Making mobile phones sufficiently secure is fundamentally at odds with the business models of the companies making them. Google gives away Android OS for free and many fantastic apps, such as Google Maps, are also free. They don’t do so out of the kindness of their hearts. While they’ve made many positive contributions to society, in accordance with their former motto, ‘don’t be evil,’ Google remains a for-profit company. There has to be a path to monetization, or these innovations wouldn’t exist.
Collecting data is central to the business model of selling targeted advertising. Unlike Blackberry, which was developed primarily for enterprise and government use, Android and iOS development is driven primarily by consumer needs. All those fun and useful mobility apps have a cost – and the payment comes in the form of detailed information about the users. As the saying goes, “if it’s free it’s because you are the product”. That might be fine for consumer phones, but when the government picks a mobile platform their sensitive data should never be on the table.
Highly Promiscuous Networking Devices
Mobile phones are highly promiscuous networking devices with multiple cameras, microphones, and radio devices that can connect to other networks. By prioritizing user data monetization to drive their advertising business, consumer phones put government users at extreme risk.
A 2018 Vanderbilt University study found that a stationary smartphone running Google’s Android operating system and Chrome sent data to the company’s servers an average of 14 times an hour, 24 hours a day.
The school of computer science and statistics at Trinity College Dublin, Ireland, recently investigated what data iPhone and Android phones share with Apple and Google. “We find that even when minimally configured and the handset is idle, both iOS and Google Android share data with Apple/Google on average every 4.5 mins. The phone IMEI, hardware serial number, SIM serial number and IMSI, handset phone number etc. are shared with Apple and Google. Both iOS and Google Android transmit telemetry, despite the user explicitly opting out of this… Users have no opt out from this and currently there are few, if any, realistic options for preventing this data sharing,” (emphasis mine.)
Enter the “Consumer Plus” solution
To solve the government security problem with consumer phones, practitioners have turned to using Mobile Device Management (MDM) software. Most government deployments today consist of a consumer smartphone managed by an MDM – the “Consumer Plus” solution. MDMs are widely used and broadly effective for industry because they get privileged access to a set of common APIs built in by the phone OEMs. MDM software is great for managing the basic features of a phone. They can do these things well:
- Report & measure device compliance
- Control password length and complexity
- Freeze or wipe a lost device
- Configure and update apps
Unfortunately, it’s the operating system itself that can’t be trusted in these consumer devices. The OS is collecting and retransmitting information about the user location, user activity, applications, etc., and the OS vendors don’t provide any APIs to turn this off.
The result is a false sense of security. The “Consumer Plus” solutions continue to leak data that puts government workers at risk.
The Wrong Tool for The Job
In an episode of, “The Cars of The People,” host James May shows the Citroen 2CV,
designed in 1938 as a lightweight family car with a 2-horsepower engine. The French sought to transform the 2CV into an armored, military transport vehicle and did so by painting them dark green. As fans of “Top Gear” would expect, the show tested how the vehicle fared under heavy artillery fire. And again, as you might expect, the results showed that, even with green paint, the Citroen 2CV was not the right tool for the job.
It’s crucial to get the right tool for the job. Security-conscious agencies need something the consumer phone ecosystem simply cannot provide. Consumer phones are great for consumers, but governments ought to know better. Agencies need a solution that puts them in charge of the smartphones their people are using.
Rising Above “Consumer Plus”
Government users face more severe threats than most commercial enterprises need to be concerned about. In addition to needing digital-domain protection from nation-state attackers, some government users need to blend in and do their work without drawing too much attention. They need a phone that evades detection in the real world.
Traditional government-built phone solutions like the ill-fated “SME PED” don’t work. The human factor can’t be ignored. If people can’t access the services and apps they want, they simply resort to carrying their personal phone, thus defeating the whole purpose of the government device. And user resistance is just one of the reasons custom gov devices fail.
Rather than a battle to thwart users attempts to circumvent the procedures, the best strategy is to make it easier and more appealing to comply. Empower users with the productivity tools they desire, while retaining the necessary security.
Governments require special capabilities on mobile phones, such as:
- Override built-in data collection capabilities
- Control smartphone tracking of user location and activities
- Limit advertising tracking codes
- Reliably disable Wi-Fi and Bluetooth, and keep them disabled. For more on this point read our recent blog post “Off means Off”.