or Connect
AppleInsider › Forums › Mobile › iPhone › Australian government approves Apple's iOS for handling classified info
New Posts  All Forums:Forum Nav:

Australian government approves Apple's iOS for handling classified info

post #1 of 28
Thread Starter 
Apple's iPhone and iPad have been approved by the Australian government to be used for storing and sharing classified government data.

Apple's iOS 5 software passed the government's stringent security assessment to gain the approval, the Herald Sun reported on Friday. Mike Burgess, acting director of Australia's Defence Signals Directorate, approved iOS 5 devices to handle secret information classified at the "Protected" level.

The security evaluation for iOS 5 is said to be the first of its kind for Apple's mobile operating system. The approval means government agencies in Australia that have implemented DSD security advice will be able to use iPhones and iPads.

"Embracing new technologies, such as smartphones and tablet PCs, provides government with a genuine opportunity to conduct its business more efficiently," Burgess said. "However, the threat of government information being stolen or compromised is also very real."

Last June, the security experts at Symantec declared that iOS offers more protection than Google's competing mobile operating system, Android. Specifically, iOS was found to have "full protection" against malware attacks, while Android was deemed to have "little protection."




Symantec also found that iOS has greater protection than Android against abuse and service attacks, data loss, and data integrity attacks. iOS was also found to have greater security feature implementation for access control, application provenance, and encryption.

Apple's iOS-based devices have found a growing presence in government as the operating system's security has been vetted by agencies. In one recent, prominent example, the U.S. Air Force expressed interest in purchasing 18,000 iPads for use on cargo aircraft like the C-5 Galaxy and C-17 Globemaster.

[ View article on AppleInsider ]
post #2 of 28
Well done. The Aussie government traditionally evaluates RIM and Microsoft software and devices for security needs, but with Apple's iPhone the number one smartphone line in Australia, the pressure was on for iOS to gain some level of approval. As expected they've met the requirements spelled out for them last June.

Apple is hard to ignore with the impact they've made the past few years and I expect other countries should follow suit in the near future.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #3 of 28
Good for Apple.

Quote:
Originally Posted by AppleInsider View Post

...
Symantec also found that iOS has greater protection than Android against abuse and service attacks, data loss, and data integrity attacks. iOS was also found to have greater security feature implementation for access control, application provenance, and encryption...

Lol, Symantec...
post #4 of 28
Yikes! Could they have used any worse color choices in the rating graphics for those of us who are color blind?
post #5 of 28
US govt still won't allow govt email on IOS devices.
Hokey religions and ancient weapons are no match for a good blaster by your side, kid.
Reply
Hokey religions and ancient weapons are no match for a good blaster by your side, kid.
Reply
post #6 of 28
What about ASIO?
post #7 of 28
Well at least now there is one government body that actually got something right.
Pity the agnostic dyslectic. They spend all their time contemplating the existence of dog.
Reply
Pity the agnostic dyslectic. They spend all their time contemplating the existence of dog.
Reply
post #8 of 28
Quote:
Originally Posted by boeyc15 View Post

US govt still won't allow govt email on IOS devices.

Not so. We are using them with Good's enterprise interface to our Exchange servers.
post #9 of 28
Quote:
Originally Posted by boeyc15 View Post

US govt still won't allow govt email on IOS devices.

Interesting. In a previous post you babble on about how only Android, Microsoft, and RIM products are allowed. A few posts later you claim that only Black Berry devices are allowed on your corporate network. So what happens when RIM goes belly up as it appears to be headed for? And why would the government allow an obvious security risk like Android yet iOS is banned? The Australian government appears able to figure it out.
post #10 of 28
Quote:
Originally Posted by SixPenceRicher View Post

Yikes! Could they have used any worse color choices in the rating graphics for those of us who are color blind?

That is pretty bad in this day an age. My dad was red green and I discovered this at a young age while walking with him across a field in which there was a large bull eyeing us. The words "what bull?" have been a source of humor ever since in our family.
Been using Apple since Apple ][ - Long on AAPL so biased
nMac Pro 6 Core, MacBookPro i7, MacBookPro i5, iPhones 5 and 5s, iPad Air, 2013 Mac mini, SE30, IIFx, Towers; G4 & G3.
Reply
Been using Apple since Apple ][ - Long on AAPL so biased
nMac Pro 6 Core, MacBookPro i7, MacBookPro i5, iPhones 5 and 5s, iPad Air, 2013 Mac mini, SE30, IIFx, Towers; G4 & G3.
Reply
post #11 of 28
Quote:
Originally Posted by lkrupp View Post

And why would the government allow an obvious security risk like Android yet iOS is banned?

Do some reading other than at AI or other enthusiast sites and you should find out rather quickly that Android isn't an obvious security risk.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #12 of 28
Look forward to US Gov't and companies adopting the core iOS5 as a basis to handle sensitive information. I suspect DOD Classified is not really what we are talking about.
post #13 of 28
Quote:
Originally Posted by muppetry View Post

Not so. We are using them with Good's enterprise interface to our Exchange servers.

We use them with GOOD as well although we are waiting for FIPS validation of the iPhone and iPad cryptographic modules and we then may use ActiveSync.
post #14 of 28
Quote:
Originally Posted by Gatorguy View Post

Do some reading other than at AI or other enthusiast sites and you should find out rather quickly that Android isn't an obvious security risk.

Yes, and you should check out the state of affairs with keeping android devices up to date. http://theunderstatement.com/post/11...ory-of-support This is what's killing RIM in the enterprise too. The ability to upgrade is part of good security planning.

- Aaron
Conquer Mobile
http://conquermobile.com
post #15 of 28
Quote:
Originally Posted by otri View Post

Yes, and you should check out the state of affairs with keeping android devices up to date. http://theunderstatement.com/post/11...ory-of-support This is what's killing RIM in the enterprise too. The ability to upgrade is part of good security planning.

- Aaron
Conquer Mobile
http://conquermobile.com

Consumer updates wouldn't apply to secured devices for classified uses.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #16 of 28
Quote:
Originally Posted by AppleInsider View Post

[...] Specifically, iOS was found to have "full protection" against malware attacks, while Android was deemed to have "little protection." [...]

Google's only reason for dumping Android onto the market is to make money by serving up ads.
Security and quality are irrelevant to them. Android isn't their product. Consumers' eyeballs on ads is their product.

Ironic that Google makes 4x as much money from iOS than they do from all of Android.
That's right folks. 80% of Google's mobile revenue comes from iOS, and only 20% comes from Android.
Even more reason for Google to not waste time, money, and effort "improving" Android.

http://www.appleinsider.com/articles...m_android.html

Sent from my iPhone Simulator

Reply

Sent from my iPhone Simulator

Reply
post #17 of 28
Some of the people at Colligo Networks went to Australia to showcase their Briefcase app for iPad, to groups including the government and large enterprise organizations.

As designers of the app, we had to be fully aware of all aspects of security to lock down the entire system. From securely accessing Sharepoint to making sure all data was immediately put in a crypto locked storage. This got audited by Ernst & Young's security researchers, and even has security in the event of the iPad being jailbroken. Apple's APIs guide you to do the right thing, and I'm glad the Australian government acknowledges the platform's security.

The end-to-end security has been a real brain twist for organizations. The US government had provisions saying all devices needed security software on top. There was no provision until very recently for a secure platform, however the way iOS has been designed even the Anti-virus guys can't install their software legitimately. There's some very smart Apple security people that explain how it all works. I spent a full day learning about Apple's security infrastructure at Apple Connect 2012 a couple weeks ago, and it was totally worth it.

I think the BIG WIN is appliance like computing, minimal support costs, on a device that's actually elegant and fun for personal use.

Cheers!
- Aaron
Conquer Mobile
http://conquermobile.com
post #18 of 28
Quote:
Originally Posted by Gatorguy View Post

Consumer updates wouldn't apply to secured devices for classified uses.

Consumer updates makes it easier to maintain overall system integrity. For Classified data you're thinking of fixed deployments of a standard issue device then passing FIPS 140-2 validation (which takes 6-7 months just to get evaluated). There's only so much you can do to keep a fork of a platform secure. These devices don't have a lot of shelf life, so it's hard to keep security updates rolling with multiple devices. Even more difficult keeping a managed and mandatory update deployments going without potentially wreaking havoc on user data, thus requiring heavy testing before roll-out. Very few organizations have the resources to do that effectively. So, unless you're government your best bet is security via the latest OS updates.

- Aaron
Conquer Mobile
http://conquermobile.com
post #19 of 28
Quote:
Originally Posted by otri View Post

Some of the people at Colligo Networks went to Australia to showcase their Briefcase app for iPad, to groups including the government and large enterprise organizations.

As designers of the app, we had to be fully aware of all aspects of security to lock down the entire system. From securely accessing Sharepoint to making sure all data was immediately put in a crypto locked storage. This got audited by Ernst & Young's security researchers, and even has security in the event of the iPad being jailbroken. Apple's APIs guide you to do the right thing, and I'm glad the Australian government acknowledges the platform's security.

The end-to-end security has been a real brain twist for organizations. The US government had provisions saying all devices needed security software on top. There was no provision until very recently for a secure platform, however the way iOS has been designed even the Anti-virus guys can't install their software legitimately. There's some very smart Apple security people that explain how it all works. I spent a full day learning about Apple's security infrastructure at Apple Connect 2012 a couple weeks ago, and it was totally worth it.

I think the BIG WIN is appliance like computing, minimal support costs, on a device that's actually elegant and fun for personal use.

Cheers!
- Aaron
Conquer Mobile
http://conquermobile.com

FWIW, Android and iOS security has more in common than most here might suspect.
"First of all let’s start at the similarities with both platforms, and the security features which they both share. Android and iOS both have what is known as traditional access control, basically the method in which users get access to the device and put the device to sleep or lock it. They both also have access control settings to add or remove permissions for applications, meaning users can limit an applications ability to access certain services or data. Something which was surprising to me, was the limited access to the hardware which the two operating systems have. Both platforms contain a number of layers of intermediary software which acts as a go between for the OS and the underlying hardware. Finally, both iOS and Android have built in contingencies to resist web based attacks, should they occur."

Where comments about Android security come up, it nearly always involves the app market. It's here that iOS has the reputation for keeping users safe from harm, while Android's app markets are made out to be a wild west with viruses and malware around every corner. Recently it's become fairly obvious that Apple doesn't curate their marketplace as heavily as some have assumed. Some of the highest profile Apple apps have been found to be secretly harvesting data that Apple says is off-limits. Either Apple doesn't look hard enough or they chose to ignore some violations. Either way Apple users aren't as immune to apps that do a bit more than they say as they might assume they have been.

There's a good infographic here that compare the two platforms from a security standpoint:
http://www.redmondpie.com/android-vs...y-infographic/
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #20 of 28
Quote:
Originally Posted by otri View Post

So, unless you're government your best bet is security via the latest OS updates.

- Aaron
Conquer Mobile
http://conquermobile.com

Which is what this article was discussing: Government use in secured environments, not consumer updates.

I completely agree that the slow or non-existent rollout of timely Google Android updates thru the licensees isn't something for Android users to be proud of.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #21 of 28
Who would have thought that there would be a need for classified data in Australia?
post #22 of 28
Quote:
Originally Posted by Gatorguy View Post


There's a good infographic here that compare the two platforms from a security standpoint:
http://www.redmondpie.com/android-vs...y-infographic/

"Gatorguy, Who do you think you are kidding when you say "Android isn't an obvious security risk"?

If you actually read the text of your link it says: "Android also suffers from a marketplace which is the equivalent of a warzone. The Android Market has a minuscule amount of security in place, and Google allows pretty much any application to be submitted to the market for sale or download. Unlike Apple, Google does not check the security or validity of any applications prior to them going up for sale."
post #23 of 28
Quote:
Originally Posted by eZorro View Post

Who would have thought that there would be a need for classified data in Australia?

That was my first thought. We have secrets???

As an additional bonus, iPads used for classified work can also be thrown 'Odd-job' style to cut people's heads off.



Way cool.
post #24 of 28
Quote:
Originally Posted by Secular Investor View Post

"Gatorguy, Who do you think you are kidding when you say "Android isn't an obvious security risk"?

If you actually read the text of your link it says: "Android also suffers from a marketplace which is the equivalent of a warzone. The Android Market has a minuscule amount of security in place, and Google allows pretty much any application to be submitted to the market for sale or download. Unlike Apple, Google does not check the security or validity of any applications prior to them going up for sale."

Your own quote explains it. Android is not "the marketplace" which is a different issue from the security of Android the OS. Android itself is equally as secure (or insecure as the case may be) as iOS. Their handling of the App markets is different.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #25 of 28
Quote:
Originally Posted by Gatorguy View Post

Do some reading other than at AI or other enthusiast sites and you should find out rather quickly that Android isn't an obvious security risk.

How come?

What's to stop people rooting them?

Very few models support hardware based encryption.

Allowing multiple sources can be used to install malware, multiple sources means Amazon or an organisations private store.

Quote:
Originally Posted by Gatorguy View Post

Consumer updates wouldn't apply to secured devices for classified uses.

Giving people heavily modified Donut based devices, sort of defeats the purpose of increasing productivity by giving people what they want to use.
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
Reply
post #26 of 28
Quote:
Originally Posted by Gatorguy View Post

Your own quote explains it. Android is not "the marketplace" which is a different issue from the security of Android the OS. Android itself is equally as secure (or insecure as the case may be) as iOS. Their handling of the App markets is different.

Yes, your'e right. Android's handling of the App market is part of the problem. It is an absolute disaster because anybody, including any crook or fraudster, can produce and easily infiltrate Android devices with rogue, malicious Apps often pirating and masquerading as legitimate Apps.

Piracy per se is also a huge problem for developers, because if they produce a legitimate best seller, pirates will often move in to cream off the the downloads and profits. This makes Android unattractive to developers, many of whom are turning their backs on it. This is one of the explanations for Android's inability to overtake the number of iOS Apps despite numerous predictions that they would do so by the summer of 2010 and repeatedly thereafter

But Android's problems go further than that. Because it is dysfunctionally fragmented, the majority of Android consumers become stranded with old versions of Android, unable to upgrade to newer versions. This has security implications, as well as degrading the user experience for Android devices, as well as creating a nightmare for developers. It forces them to produce lower standards Apps to function at the lower common denominator levels. It forces developers to spend a great deal of time and money testing and de-dugging Apps across dozens of devices and many different versions of Android OS These factors again contribute to their abandoning this platform or giving it less priority.

See: http://theunderstatement.com/post/11...ory-of-support
post #27 of 28
Quote:
Originally Posted by hill60 View Post

How come?

What's to stop people rooting them?

Very few models support hardware based encryption.

Allowing multiple sources can be used to install malware, multiple sources means Amazon or an organisations private store.



Giving people heavily modified Donut based devices, sort of defeats the purpose of increasing productivity by giving people what they want to use.

Android as approved by the DoD for secure classified communications is not an open OS . No consumer grade OS would pass muster, iOS included. There's no "rooting" one nor downloading applications from Google, Amazon or Apple's app markets.
melior diabolus quem scies
Reply
melior diabolus quem scies
Reply
post #28 of 28
Quote:
Originally Posted by otri View Post

Some of the people at Colligo Networks went to Australia to showcase their Briefcase app for iPad, to groups including the government and large enterprise organizations.

As designers of the app, we had to be fully aware of all aspects of security to lock down the entire system. From securely accessing Sharepoint to making sure all data was immediately put in a crypto locked storage. This got audited by Ernst & Young's security researchers, and even has security in the event of the iPad being jailbroken. Apple's APIs guide you to do the right thing, and I'm glad the Australian government acknowledges the platform's security.

The end-to-end security has been a real brain twist for organizations. The US government had provisions saying all devices needed security software on top. There was no provision until very recently for a secure platform, however the way iOS has been designed even the Anti-virus guys can't install their software legitimately. There's some very smart Apple security people that explain how it all works. I spent a full day learning about Apple's security infrastructure at Apple Connect 2012 a couple weeks ago, and it was totally worth it.

I think the BIG WIN is appliance like computing, minimal support costs, on a device that's actually elegant and fun for personal use.

Cheers!
- Aaron
Conquer Mobile
http://conquermobile.com

Cheers.

Quote:
Originally Posted by eZorro View Post

Who would have thought that there would be a need for classified data in Australia?

I hope you are joking and/or not from the US otherwise this is classic American ignorance. You do realise Australia is the only decent US/Nato ally within a radius of, oh, 10,000 miles? That is, this ~quarter~ of the world? (Besides Japan of course, but seeing as one nuclear reactor could have taken out half the country, I don't think the USA should be too optimistic about them). Don't take the local's seemingly lackadaisical nature like GTR below for granted. There's serious sh*t that happens here, only thing is, people tend not to brag about it. Sure, the intellectual, military and political elite can be found at the local pub (bar) having a VB with "Kev" or "Shazza" ... but it doesn't mean they sit around at their day job doing nothing all day. They may drive a $20,000 Holden(Chevy) but doesn't mean they can't afford a Lambo. It's the great illusion, luckily a harmless one, of Australia.

Quote:
Originally Posted by GTR View Post

That was my first thought. We have secrets???

As an additional bonus, iPads used for classified work can also be thrown 'Odd-job' style to cut people's heads off.



Way cool.

Yup, who needs secrets when your mate out the back is the Prime Minister tending to some cows. Just invite him over for a beer and he'll tell you all you need to know.
"Got any secrets mate?"
"Nah mate, just the bloody yanks being tossers. Now let's get on a kangaroo and ride over to the beach for a surf."

Quote:
Originally Posted by justflybob View Post

Well at least now there is one government body that actually got something right.

Despite several flaws, Australia has actually gone from relative backwater to a significant developed country that hasn't descended into chaos like Britain or Ireland.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
AppleInsider › Forums › Mobile › iPhone › Australian government approves Apple's iOS for handling classified info