Mobile security has never really been standardized. Now, 20 companies are coming together to collaborate with the Internet of Security Things Alliance, to provide a new set of security and privacy requirements for VPNs and mobile applications.
The companies include NowSecure, Google, Amazon, DEKRA, 7layers, NCC Group, Onware Security, and more. Together, they helped contribute to the new ioXt Mobile Application Profile Standard.
The new requirements expand the existing ioXt compliance program and also build on standards formulated by the VPN Trust Initiative. Google says that the ioXt Mobile Application Profile is the security baseline that can help deal with common threats and reduce vulnerabilities.
A mobile standard
The ioXt believes that the new standard will add transparency and visibility for consumers and pull forward IoT security. The mobile app testing provider, NowSecure, will provide automatic scans of apps submitted through the certification portal.
Alan Snyder, NowSecure’s CEO, said the company is pleased to partner with the ioXt Alliance, to bring a certification standard to the industry for mobile-connected IoT apps.
The deep experience that NowSecure has in mobile and IoT security, with established industry standards like OWASP MASVS, creates the perfect foundation for the new ioXt mobile apps standard and certification program.
Protections at last
The new standard also has app category-specific requirements determined by specific features in the apps. For instance, an IoT app would only need to be certified under the Mobile Application profile and a VPN app will be certified by both the Mobile Application profile and the VPN extension.
Eugene Liderman, the director of Android Security Strategy at Google, said that the company looks forward to seeing the adoption of the standard. As for those already investing in best practices, the platform will only serve to highlight their efforts.
It’s a start in protecting the wild west that is mobile security.