In an effort to standardize mobile security, 20 different companies in collaboration with the Internet of Security Things Alliance (ioXt) worked on adding a new set of security and privacy requirements for mobile apps and VPNs.
Google, Amazon, NowSecure, NCC Group, DEKRA, Onware Security, and 7layers are among the companies who helped contribute to the new ioXt Mobile Application Profile standard.
The new requirements are an extension to the ioXt’s existing compliance program. They also build on standards set forth by the VPN Trust Initiative.
According to Google, the ioXt Mobile Application Profile offers a security baseline that can help mitigate against common threats and reduce the likelihood of significant vulnerabilities.
The ioXt believes this new standard will bring transparency and visibility to consumers and advance IoT security.
Mobile app testing provider NowSecure will be providing automatic scans of applications submitted through the Certification Portal.
“We are pleased to partner with the ioXt Alliance to bring a certification standard to the industry for IoT-connected mobile applications,” said Alan Snyder, CEO of NowSecure. “The deep experience of this group of leading experts in mobile and IoT security and established industry standards like the OWASP MASVS has created a strong foundation for this new ioXt mobile app standard and certification program. With NowSecure as an ioXt Authorized Lab and automated security testing software provider, we are able to speed vendor certification through our fast, high quality, low cost compliance program and ultimately protect IoT-connected mobile app users.”
The new standard also provides app category specific requirements that are determined by specific features of an app, Google explained. For example, an IoT app would only need to be certified under the Mobile Application profile, and a VPN app would need to be certified by both the Mobile Application profile and the VPN extension.
“We look forward to seeing adoption of the standard grow over time and for those app developers that are already investing in security best practices to be able to highlight their efforts. The standard also serves as a guiding light to inspire more developers to invest in mobile app security,” Eugene Liderman, director of Android Security Strategy at Google, and Brooke Davis, Android security and privacy partnerships at Google, wrote in a post.