National Security Agency’s (NSA) SE Linux team, citing critical gaps in the security of Android , is building a Security Enhanced (SE) version of the publicly available source code for the Android project. This is a variant of the SE Linux project co-developed by NSA and RedHat, which gives (among other things) a more granular security context to individual files based on their role. In this way, even if an application were to break out of its security sandbox, it would have limited ability to affect core system functionality.
SE Linux, and variants like App Armor have been happily guarding Linux in secure environments for years. This functionality has spread from the orginal RedHat (and clones like CentOS, Scientific Linux) to many other distributions like Debian, helping secure Linux far and wide.
Some users have installed commercial security suite implementations from various vendors, including ESET Mobile Security for Android. But for those who want to get under the hood and beef up the underlying OS security, SE Android may be one place to look.
Since the Android Operating System is open source, the Android Open Source Project (AOSP) has made the source code available, which is then combined with the SE Android code to form a complete SE Android OS.
While the project is in its early stages, certainly SE Linux eventually spread far and wide. It will remain to be seen if the SE-enabled Android version will see widespread adoption by vendors and personal users alike, but having more security options for the mobile platform seems like a move in a positive direction. It also speaks a certain amount about plans for Android in an enterprise setting, where SE platforms are normally found.
Author Cameron Camp, ESET