NIST Drafts Mobile App Security Guidelines - InformationWeek

Comments
NIST Drafts Mobile App Security Guidelines
David F. Carr,
User Rank: Author
8/28/2014 | 4:32:37 PM
Mobile app security can't just be a government problem
I suspect to a large extent enterprises outside of the public sector are in no better shape for assessing the security of mobile apps.
Ashu001,
User Rank: Ninja
8/30/2014 | 6:01:40 PM
Re: Mobile app security can't just be a government problem
David,

I have a strong feeling that you are quite right and accurate here.

Most Organizations don't have the time and inclination to go through all the Apps Permissions Jargon and what not for most Employees.

They would rather just hand them the Phones and ask them to get on with the Job.

The end result can end up being very scary and disastrous for all concerned.

Sad but true.

Regards

Ashish.
asksqn,
User Rank: Ninja
8/28/2014 | 5:01:16 PM
NIST Guidelines Not Very Realistic
The problem with the NIST guidelines is that every single app demands access to contacts, among other intrusive rights demanded.  Of course, the user has the option of not granting that particular privilege, in which case, the app just won't install/work correctly.  
Ashu001,
User Rank: Ninja
8/30/2014 | 5:32:11 PM
Re: NIST Guidelines Not Very Realistic
Asksqn,

Actually if One looks at these Guidelines (Given that they are almost exclusively aimed at Public Sector Enterprises), it's a good list.

It forces not just in-house App Developers (at Public Sector Companies) but also anyone targeting Public Sector Companies to develop less Privacy Intrusive Apps if they want to gain such traction there.

I think it's a really-really great list and should be enforced strongly by Individual IT Departments.

Regards

Ashish.
Ashu001,
User Rank: Ninja
8/30/2014 | 6:22:43 PM
Why no Guidelines for Windows or Blackberry Apps?
I was very surprised that NIST didn't take the time and effort to also come up with Effective Guidelines List for Windows and RIM.

Sure, I am not disputing that Android and iOS are easily the dominant Mobile OSes (who control more than 70% of the smartphone market between themselves currently) but the other Two OSes are not something which can and should be neglected going ahead.

Windows in particular is finally gaining traction (especially at the Low-End) and I won't be surprised if they do go head to head with Android in the next 2 years or so.

The Lumia range is definitely turning heads currently and the HTC One Windows Phone is very catchy too.

What happens then?

Why not more coverage?

Let's also not forget the massive weakness in Smartphone Memory which was recently exploited at Defcon to show how easy it is to break into Gmail App and many other such similar apps.

The Other apps hacked included H&R Block, Newegg, WebMD, Chase Bank, Hotels.com and Amazon.

I am hoping NIST doesn't take this issue lightly.

After all, the pace at which Android Malware is exploding (almost in tandem with increased Android Adoption) knows no bounds currently.

Alternative Mobile OSes need to see much coverage primarily because Privacy Conscious Consumers will look for them.

Even Samsung recently decided to push TIZEN in tandem with Intel.

We definitely do need more App Stores and OSes covered than just the Big Two.

Regards

Ashish.

