The National Institute of Standards and Technology (NIST) today released its Special Publication (SP) 800-163 Revision 1 (April 2019) entitled: Vetting the Security of Mobile Applications. The Abstract of the Publication is reproduced here:
“Mobile applications are an integral part of our everyday personal and professional lives. As both public and private organizations rely more on mobile applications, ensuring that they are reasonably free from vulnerabilities and defects becomes paramount. This paper outlines and details a mobile application vetting process. This process can be used to ensure that mobile applications conform to an organization’s security requirements and are reasonably free from vulnerabilities.”
Keywords identified for the Publication are:
- “App vetting;
- App vetting system;
- Malware;
- Mobile applications;
- Mobile security;
- National Information Assurance Process (NIAP);
- Security requirements;
- Software assurance;
- Software vulnerabilities; and
- Software testing.”
Of particular note is Appendix A: Threats to Mobile Applications, that provides explanations of particular threats (pp. 29-31):
- “Ransomware
- Spyware
- Adware
- Rooting
- Trojan Horse
- Infostealer
- Hostile Downloader
- Short Message Service (SMS) Fraud
- Call Fraud
- Man in the Middle (MITM) Attack
- Toll Fraud.”