The military is funding software that will exploit weaknesses in Android mobile applications to test the tools’ security before releasing them in a forthcoming warfighter app store, contract documents show.
The Defense Advanced Research Projects Agency, since May 2010, has been developing an online Android app store for troops on the battlefield, and now the agency wants to ensure any tools loaded into the marketplace are worm-proof. So the government has awarded a disabled veteran-owned small business called Aderon LLC a $73,879 contract to help build testing software. The security tool is slated to be released 12 months from now, according to the government’s procurement database.
The software “will expose potential security vulnerabilities through fault injection” -- the introduction of errors into code -- as well as enforce access controls, the documents state. And it will “scan, annotate, modify and instrument Android mobile application software” to comply with Defense Department security requirements. When flaws are detected, the program will alert software analysts to the problem and help them fix the bugs.
The testing software also must be able to analyze third-party app libraries invoked by the Android tool. The work will be performed through the National Institute of Standards and Technology computer security division. NIST began vetting contractors less than a month ago. Aderon will design the program in-house and occasionally meet with NIST officials at the agency’s Gaithersburg headquarters.
The forthcoming app store is intended to slash the traditionally lengthy process of acquiring and updating information technology for national security missions. The downloadable mobile tools are expected to support service members with, among other tasks, command and control of military systems, intelligence gathering, surveillance and language translation.
In June, the Pentagon released a mobile device strategy that offered top-level policy guidance on the use of smartphones and tablets, but offered no specifics on how to secure them for use on Defense networks.