NSA's Secure Android Spec
The NSA has released its specification for a secure Android.
One of the interesting things it's requiring is that all data be tunneled through a secure VPN:
Inter-relationship to Other Elements of the Secure VoIP System
The phone must be a commercial device that supports the ability to pass data over a commercial cellular network. Standard voice phone calls, with the exception of emergency 911 calls, shall not be allowed. The phone must function on US CDMA & GSM networks and OCONUS on GSM networks with the same functionality.
All data communications to/from the mobile device must go through the VPN tunnel to the VPN gateway in the infrastructure; no other communications in or out of the mobile device are permitted.
Applications on the phone additionally encrypt their communications to servers in infrastructure, or to other phones; all those communications must be tunneled through the VPN.
The more I look at mobile security, the more I think a secure tunnel is essential.
Posted on March 7, 2012 at 1:35 PM • 52 Comments
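One way to check the quoted requirement that nothing enters or leaves the device outside the VPN tunnel, as an added example that is not from the NSA specification or the original post: a Python audit of an `iptables-save` filter table for a fail-closed, tunnel-only policy. The interface names (`tun0`, `rmnet0`, `wlan0`), the gateway address 192.0.2.10, UDP port 1194 and both rule sets are constructed assumptions.

```python
import shlex

def audit_vpn_only(ruleset, tun_if="tun0", gw_ip="192.0.2.10", gw_port="1194"):
    """Audit an iptables-save filter table; return findings (empty list = VPN-only)."""
    findings = []
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith(":"):                  # chain header carrying the default policy
            chain, policy = line[1:].split()[:2]
            if chain in ("INPUT", "OUTPUT", "FORWARD") and policy != "DROP":
                findings.append(f"{chain} default policy is {policy}, not DROP")
        elif line.startswith("-A "):              # flat rule sets only; user chains not followed
            tok = shlex.split(line)
            chain = tok[1]
            opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
            if opts.get("-j") != "ACCEPT":
                continue
            out = chain == "OUTPUT"
            iface = opts.get("-o" if out else "-i")
            peer = opts.get("-d" if out else "-s", "").split("/")[0]
            port = opts.get("--dport" if out else "--sport")
            via_tunnel = iface in ("lo", tun_if)  # loopback never leaves the device
            to_gateway = peer == gw_ip and port == gw_port  # the tunnel's own carrier packets
            if chain == "FORWARD" or "!" in tok or not (via_tunnel or to_gateway):
                findings.append(f"{chain} rule passes traffic outside the tunnel: {line}")
    return findings

# Constructed sample input (not taken from any real device).
COMPLIANT = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 192.0.2.10/32 -i rmnet0 -p udp -m udp --sport 1194 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -d 192.0.2.10/32 -o rmnet0 -p udp -m udp --dport 1194 -j ACCEPT
COMMIT"""

LEAKY = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -o rmnet0 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -o wlan0 -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT"""
```

IPv6 rules live in separate tables, so the same audit has to be run over `ip6tables-save` output as well.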