The National Institute of Standards and Technology has issued a draft “vetting guide” to aid in testing mobile applications to find security vulnerabilities in them, and is accepting industry comment on the guide through Sept. 18, 2014.

The draft guide walks through tests to discover and understand vulnerabilities before an organization approves use of an app. “For example, when an employee shares a photograph through a mobile application, the mobile app may be granted access to the employee’s contact list that may hold personally identifiable information that should remain private,” according to a NIST explanation. “Or, individuals may be tracked without their knowledge by way of a calendar app, social media app, Wi-Fi sensor, or other utilities that access a global positioning system.”

According to Tom Karygiannis, a computer scientist at NIST, apps with malware can make a phone call recording or forward conversations without the owner knowing it happened. And some apps are just poorly designed and may rapidly drain batteries.

The guide focuses on the tests that should most be considered when vetting a mobile app, as allowable functionalities on an app may be role-based with some employees having full access to functions while others are limited. The guide is available here and comments can be sent to nist800-163@nist.gov.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access