Govt still hasn’t certified Apple iOS devices

16

news Apple’s iPhone 3G was first released in Australia three and a half years ago, and its flagship iPad tablet 18 months ago. But the Federal Government still hasn’t certified the devices for use in government agencies, despite having pledged to do so by September last year, and despite approving Research in Motion’s unpopular rival, the BlackBerry PlayBook.

The organisation responsible for certifying technology software and hardware for use by government agencies in Australia is the Defence Signals Directorate, which sits within the Department of Defence. Historically the organisation has focused on certifying mobile operating systems from BlackBerry maker Research in Motion and Microsoft.

In July last year, DSD revealed — and the Australian Government Information Management Office confirmed — that DSD was evaluating Apple’s iOS platform, with certification slated to be complete by September last year. At the time, DSD published an interim guide to hardening the security on iOS devices, including the iPod Touch, the iPhone and the iPad.

This week Delimiter queried the Department of Defence on the matter, asking what the current status was of DSD’s project to certify iOS devices, when it anticipated the products would be added to DSD’s Evaluated Products List, and what had caused the delay.

However, DSD did not respond directly to the majority of the questions.

“DSD, as the Commonwealth authority on information security, will continue to produce advice and assistance for technology based on the business requirements of Australian Government users,” the organisation said in a statement. “To do this, DSD works closely with industry partners to enable effective information security options for Australian Government agencies.”

“DSD’s work in evaluating the latest version of the iOS is moving towards the final stage. DSD evaluations take time to complete to ensure the integrity of the product meets the specific security requirements of the Australian government.”

The delay comes despite the fact that Research in Motion’s BlackBerry PlayBook tablet, which was released in Australia in mid-2011, a year after Apple’s first iPad, was in 2011 approved by DSD for Government use. The tablet has failed to take significant market share globally, and is believed to have achieved only a very small share of the tablet market in Australia, with the iPad estimated to have taken somewhere north of 80 percent of Australia’s tablet market.

A number of BlackBerry and Windows Mobile devices were already approved by DSD for government use, throughout 2007 to 2011.

The delay also comes despite the fact that a number of senior government officers, ranging from politicians to public servants, use the iPhone and iPad devices extensively for their daily work. In October, the Department of Parliamentary Services revealed in October last year that it would allow its growing fleet of 40 iPad users to access full desktop and internal IT services under its ongoing pilot of the tablets.

High-profile politicians such as Communications Minister Stephen Conroy and his shadow, Malcolm Turnbull, regularly use Apple iOS devices for their daily work.

In addition, Defence this week declined to respond to a question on whether it had seen any further interest from government stakeholders in certifying the Android operating system, which is believed to have even stronger market share in Australia than Apple’s devices, but has not yet been adopted strongly for corporate use. “The Android platform has not yet been submitted for DSD evaluation,” a Defence spokesperson said in response to a question on the issue in July. “At this time, the use of the Android platform for Australian government business does not necessitate the production of a hardening guide.”

opinion/analysis
The DSD’s certification program has clearly descended into a farcical situation. The organisation has no problem certifying BlackBerry devices which fewer and fewer people are using, but has not yet certified the Apple iPhone for use within Government, three and a half years after it was released in Australia or the Apple iPad, 18 months after it was released locally.

I have no idea what is going on inside DSD, but it’s time the organisation started responding more speedily to the needs of its public service users, who are audibly demanding that they be allowed to use these devices in their everyday life. This is a perfect example of government inaction in action.

Image credit: Apple

16 COMMENTS

  1. When the certification cycle is longer then the release cycle for all major mobile vendors, you need to start wondering if you’re doing it wrong :).

  2. As someone who, in a past life, has had to deal with DSD on matters of network hardening, IT security and device certification I can state unequivocally that it’s largely NOT interested in making the APS’ life easier.

    We used to refer to them as “The Department of No”.

    The certification timeline is, for all intents and purposes, designed to discourage change and innovation.

  3. Tell you right now why it would be taking so so long… apple loves to store all your personal information, your location, what you like to do, what you type fir their “marketing” thus in ut self is a massive security breach that if you read the terms and conditions you agree too, so if you think about a government agency having all that data stored quite possibly in another country that in itself is a massive security threat, and apple being so arrogant wouldn’t change it fir them… Guarenteed

    • There are obvious ways to stop Apple storing your info if you’re using an iOS device. I have turned off almost all of the things on my iPhone and iPad which rang alarm bells with me. I’m sure a security professional could do a lot more.

  4. Have you thought the delay might be due to that fact that when you compare security of an iOS (or Android device for that matter) with a BlackBerry there essentially is no comparison.

    http://www.pcworld.com/businesscenter/article/249140/blackberry_os_achieves_coveted_government_security_clearance.html

    When it comes to security, popularity means nothing. So saying you don’t know why a less popular product (for consumers) takes longer to security certify than a tablet / smartphone designed with security from the start, just shows you don’t understand the underlying technology.

    I don’t argue that iOS and Android are great for the consumer, but believe they really don’t have a place in most businesses yet, and certainly not in govt or finance

  5. the as someone already mentioned what does popularity of a device with consumers have to do with suitability for secure government or corporate work. Certain products are simply not suitable for some uses.

    Greetings from Canada

  6. I realise that people who don’t know better love to attack soft media targets like the DSD but have you considered the possibility that a “consumer” product which was never designed to provide the user with any particular assurance about it’s ability to handle anything but unclassified information may struggle to get through the rigourous assessment process? Also given the teeny-weeny market that business & government represent to Apple for IOS do you think it could be a very time consuming process getting them to address any issues if they did find any? RIM marketed and designed their products for business / government use, Apple designed and market their IOS products for the mass market.
    Sorry, not as much fun as picking on the government is it but probably the reason the pollies still can’t play Angry Birds in cabinet but they probably do anyway.
    (don’t forget to keep your tin-foil hat handy)

  7. I can’t say I blame the DSD. I spite of iOS being a tremendously popular consumer product, it has serious security flaws that would make any business or government agency concerned with privacy and sensitive data avoid iOS at all costs. As for the other Australian Government Officials using iOS they are probably dealing with non sensitive data, although we know what a disaster this can be vis a vis the Murdoch phone hacking scandals that seem to multiply by the minute. Google Murdoch’s Database 3 -fun read that also reveals aspects as to the concerns of this article. Simply disabling an iOS device would do little, to meet security standards,major elements of iOS would need to be disabled as well.RIM still remains the OS of choice for many buisineses and governments who value privacy. As for the U.S Armed forces choosing Android , they have the resouces and capabilities to create their own version of Android exclusively for themselves, a private OS, I highly doubt Apple would let them create a private version of iOS.

Comments are closed.