WASHINGTON—The National Institute of Standards and Technology (NIST) has developed a guide that organizations can use to help them vet applications that run on mobile devices.
The “Vetting the Security of Mobile Applications” guide offers guidance on how to plan the implementation of a mobile vetting process, how to develop app security requirements; how to understand the types of app vulnerabilities and the testing methods used to detect those vulnerabilities; and how to determine if an app is acceptable for deployment on an organization’s mobile devices.
The goal, according to NIST, is to help an organization understand all of the risks inherent in any mobile application.
“Because mobile devices contain many physical sensors that continuously gather and share information, many apps access more data than many users realize,” NIST said. As examples, it cited a mobile photo-sharing app that could grant access to the employee's contact list that holds personally identifiable information, potentially exposing information that should remain private. Or, a calendar app, social media app, Wi-Fi sensor or other utility that accesses a global positioning system might track individuals without their knowledge.