New Technologies Bring New Opportunities and New Risks: Vetting Mobile Apps


The National Institute of Standards and Technology published guidance to help government agencies perform security and privacy assessments on mobile apps.

Special Publication 800-163 -- Vetting the Security of Mobile Applications, while intended for a government audience, can also benefit private industry app developers and enterprise security professionals. The document is designed to help organizations understand the process for vetting the security of mobile applications, plan for the implementation of an app vetting process, develop app security requirements, understand the types of app vulnerabilities and the testing methods used to detect them, and determine if an app is acceptable for deployment on the organization's mobile devices.

When users download apps to their personal devices, they are usually willing to accept some risk, rarely read the app privacy policies and certainly cannot be expected to be software assurance experts. But government employees who are trusted with sensitive data must make sure that data they collect, share and store is protected against unauthorized disclosure. NIST SP-800-163 provides the guidelines that can help an agency make informed decisions to strike a balance between potential productivity gains and any new privacy or security risks that may result from the installation and use of the mobile app.

