How well are Your Mobile Apps Vetted?
The National Institute of Standards and Technology has issued a draft vetting guide to aid in testing mobile applications to find security vulnerabilities in them, and is accepting industry comment on the guide through Sept. 18, 2014.
The National Institute of Standards and Technology has issued a draft vetting guide to aid in testing mobile applications to find security vulnerabilities in them, and is accepting industry comment on the guide through Sept. 18, 2014.
The draft guide walks through tests to discover and understand vulnerabilities before an organization approves use of an app. For example, when an employee shares a photograph through a mobile application, the mobile app may be granted access to the employees contact list that may hold personally identifiable information that should remain private, according to a NIST explanation. Or, individuals may be tracked without their knowledge by way of a calendar app, social media app, Wi-Fi sensor, or other utilities that access a global positioning system.
According to Tom Karygiannis, a computer scientist at NIST, apps with malware can make a phone call recording or forward conversations without the owner knowing it happened. And some apps are just poorly designed and may rapidly drain batteries.
The guide focuses on the tests that should most be considered when vetting a mobile app, as allowable functionalities on an app may be role-based with some employees having full access to functions while others are limited. The guide is available here and comments can be sent to nist800-163@nist.gov.
The draft guide walks through tests to discover and understand vulnerabilities before an organization approves use of an app. For example, when an employee shares a photograph through a mobile application, the mobile app may be granted access to the employees contact list that may hold personally identifiable information that should remain private, according to a NIST explanation. Or, individuals may be tracked without their knowledge by way of a calendar app, social media app, Wi-Fi sensor, or other utilities that access a global positioning system.
According to Tom Karygiannis, a computer scientist at NIST, apps with malware can make a phone call recording or forward conversations without the owner knowing it happened. And some apps are just poorly designed and may rapidly drain batteries.
The guide focuses on the tests that should most be considered when vetting a mobile app, as allowable functionalities on an app may be role-based with some employees having full access to functions while others are limited. The guide is available here and comments can be sent to nist800-163@nist.gov.
More for you
Loading data for hdm_tax_topic #reducing-cost...