GoodReader, a top-selling, five-star-rated iPad/iPhone application in the iTunes App store, is a PDF reader that also has markup capabilities with freehand drawing, line drawings, sticky notes, text boxes, and other features that would allow better utilization of static maps and flight planning documents. It also includes the ability to encrypt data on the iPad, making it a useful addition to a pilot's flight bag.
While no official reason for the cancellation of the project has been given, sources have indicated that the problem stems from the fact that the GoodReader software is provided from a developer in Russia. The very minimalist website of the vendor, Good.iWare, doesn't include contact information for the company and includes only a few brief pages describing the products available and a blind contact form for users with support questions.
According to a report on the Nextgov website, the director of the Army's smartphone connectivity project, Michael McCarthy, was quoted as saying that he would not use software developed in Russia due to the potential risk to which it could expose end users. The presumption is that there is the potential for intentional security issues introduced into a software product from a country that has historically been inimical to the goals of the United States.
The original AFSOC proposal for the acquisition of tablet devices for the pilot's flight bag specified the GoodReader application as a requirement for the purchase, due to the capabilities of the software and how those capabilities meshed with the needs of the pilot. There is no other single application with the same feature set as GoodReader, though its capabilities could conceivably be matched using a less convenient combination of other products.
This issue goes beyond the normal concerns of using commercial devices in a business environment. The military needs to vet software used in mission-critical roles on an almost line-by-line basis to assure that there are no intentional pieces of malicious code buried in applications that could compromise the security and safety of military personnel or their missions.
Though the AFSOC has refused to comment on this issue, Yuri Selukoff, the developer of Goodreader, told Nextgov, "I am not affiliated with any government institution, neither Russian, nor any other, [and] GoodReader doesn't have any malicious code built into it. Having said that, I am open to any security/penetration tests that anyone would be willing to perform on the app."
This issue also points to the trust that has been applied to applications purchased form the Apple iTunes App store. In years of working with ISVs, you learn that appearance is a big part of the sales process. While a great website is not a requirement for successful applications, a website with too little information has always been a bit of a red flag. Good.iWare, like many businesses that sell through the App store, has an almost non-existent web footprint outside of product reviews and the iTunes store.
Of course, the security issue could be a red herring. The real reason for the cancellation could be that someone at the AFSOC noticed that the iPad 3 is due out in just a few weeks, and is reconsidering a large investment in technology that will soon be obsolete.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.