More security and transparency ioXt Alliance introduces new Mobile Application Profile
The ioXt Alliance, an industry association around standards in the field of IoT security, has presented a new mobile application Profile. It contains standardized requirements for mobile applications and is intended to ensure greater security and transparency.
Companies on the topic
The ioXt Alliance wants to ensure certified app quality with the new Mobile Application Profile.
(Image: ioXt Alliance)
The new profile has been defined by technology giants such as Google and Amazon in collaboration with security labs, NowSecure, NCC Group, DEKRA, Onward Security and 7layers. It was also coordinated with the” VPN Trust Initiative”. The aim of the Mobile Application Profile is to increase transparency and visibility for consumers and corporate customers as well as to promote security in the IoT industry in general.
Specifications for developers
The profile provides a number of security and privacy requirements with defined acceptance criteria. Based on these specifications, developers can have their IoT and VPN apps certified by the ioXt Alliance. They include basic commercial best practices for cloud-connected apps running on mobile devices. Common threats should be minimized on this Basis, and the Occurrence of significant weaknesses reduced.
The profile relies on existing standards and principles, such as the Mobile AppSec Verification Standard. This allows developers to differentiate security functions around cryptography, authentication, network security and the disclosure of vulnerabilities. In addition, a framework is on board that allows the categorical evaluation of app-specific requirements. For example, a pure IoT app only requires certification according to the Mobile Application Profile, while a VPN app must meet extended requirements.
A certification by the ioXt Alliance confirms the product safety of the apps and should become the industry standard in the long term. In initial projects, it was already established that developers were able to fix problems found during the evaluation in a remarkably short time. At the start, the apps Comcast, ExpressVPN, GreenMax, Hubspace, McAfee Innovations, NordVPN, OpenVPN for Android, Private Internet Access, VPN Private and Google One including VPN by Google One were certified.
“As we continue to be connected more than ever, privacy and security of VPNs and mobile apps are increasingly at the forefront of consumers, developers and stakeholders,” said Brad Ree, CTO of the ioXt Alliance. As part of the new profiles, they are working with industry experts and industry leaders to make security standards scalable and applicable across VPNs and mobile apps. “In this way, we want to ensure customer trust, transparency and adequate protection for end users,” Ree emphasizes.