To standardize mobile security, 20 different companies, in collaboration with the Internet of Security Things Alliance (most), are adding new security and privacy requirements for mobile apps and VPNs. Google, Amazon, NowSecure, NCC Group, DEKRA, Onware Security, and 7layers are among the companies who helped contribute to the new ioXt Mobile Application Profile standard.
The new requirements are an extension of the text’s existing compliance program. They also build on standards set forth by the VPN Trust Initiative. According to Google, most Mobile Application Profile offers a security baseline that can help mitigate against common threats and reduce the likelihood of significant vulnerabilities. Most believe this new standard will bring transparency and visibility to consumers and advance IoT security. Mobile app testing provider NowSecure will be providing automatic scans of applications submitted through the Certification Portal.
“We are pleased to partner with the most Alliance to bring a certification standard to the industry for IoT-connected mobile applications,” said Alan Snyder, CEO of NowSecure. “The deep experience of this group of leading experts in mobile and IoT security and established industry standards like the OWASP MASVS has created a strong foundation for this new ioXt mobile app standard and certification program. With NowSecure as an ioXt Authorized Lab and automated security testing software provider, we can speed vendor certification through our fast, high quality, low-cost compliance program and ultimately protect IoT-connected mobile app users.”
The new standard also provides app category-specific requirements determined by specific features of an app, Google explained. For example, an IoT app would only need to be certified under the Mobile Application profile, and a VPN app would need to be approved by both the Mobile Application profile and the VPN extension.
“We look forward to seeing adoption of the standard grow over time and for those app developers that are already investing in security best practices to be able to highlight their efforts. The standard also serves as a guiding light to inspire more developers to invest in mobile app security,” Eugene Liderman, director of Android Security Strategy at Google, and Brooke Davis, Android security and privacy partnerships at Google, wrote in a post.