The U.S. National Institute of Standards and Technology is working to develop a third-party app guide.
The U.S. National Institute of Standards and Technology (NIST) has announced that it is now accepting input on a guide to testing third-party apps with mobile security in mind, so that organizations can ensure those apps will not introduce additional vulnerabilities to a device.
The government agency has already created a draft of the recommendations and is looking for comments.
NIST has created the “Technical Considerations for Vetting 3rd Party Mobile Applications” and is seeking industry feedback on this mobile security guide. It will continue to receive comments and suggestions on the document until September 18. The goal is to make it easier for enterprises to use commercial mobile programs more completely.
The guide is based on the premise that mobile security can only be achieved when an app’s function is truly understood.
According to Tom Karygiannis, a computer scientist at NIST who released a statement on the draft of the guide, “Agencies and organizations need to know what a mobile app really does and to be aware of its potential privacy and security impact so they can mitigate any potential risks.”
Many apps, such as calendars, need access to other parts of the device's operating system in order to function, but granting that permission could open up a device or a secured system to a range of additional mobile security vulnerabilities.
Karygiannis added that the draft of the guidelines “describes tests that allow software security analysts to discover and understand vulnerabilities and behaviors before the app is approved for use.” Once completed, the document will give organizations a guide they can follow to effectively test third-party mobile apps that they are interested in using for their own official business. It will also provide information about the types of vulnerabilities that are common on Apple iOS and Google Android based mobile devices.