Security News > 2021 > April > Mobile app security standard for IoT, VPNs proposed by group backed by Big Tech
On Thursday the ioXt Alliance, an Internet of Things security trade group backed by some of the biggest names in the business, introduced a set of baseline standards for mobile apps, in the hope that IoT security may someday be a bit less of a dumpster fire.
The announcement of the new Mobile Application Profile [PDF], a certification program covering best practices and requirements to keep mobile apps safer than the low bar of vendor discretion, comes from the collaboration of more than 20 ioXt member companies like Amazon, Comcast, Google, and others.
"This security baseline helps mitigate against common threats and reduces the probability of significant vulnerabilities," said Brooke Davis and Eugene Liderman, from Google's Android security and privacy team, in a blog post.
"The profile leverages existing standards and principles set forth by OWASP MASVS and the VPN Trust Initiative, and allows developers to differentiate security capabilities around cryptography, authentication, network security, and vulnerability disclosure program quality."
In practical terms, that means an ioXt-certified VPN app will include disclosures, somewhere, if the providing company's business practices involve selling data, and will at least have made some effort to implement its code with an eye toward security.
"Mobile Application certification starts at $799 per year and device certification starts at $1,950 per year," said Brad Ree, CTO of the ioXt Alliance, in an email to The Register.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/04/15/mobile_app_security/