Stories
Slash Boxes
Comments

SoylentNews is people

NIST Taking Input for Mobile Security Guidelines

posted by n1 on Friday August 22 2014, @05:31PM   Printer-friendly
from the suggestions-are-being-monitored-for-quality-assurance-purposes dept.

AnonTechie writes:

PC World reports:

The U.S. National Institute of Standards and Technology (NIST) is developing a guide for testing third-party apps to ensure that they are secure and don’t introduce any vulnerabilities.

The government agency has prepared a draft of its recommendations, “Technical Considerations for Vetting 3rd Party Mobile Applications,” and is seeking industry feedback by Sept. 18. The aim is to help enterprises make full use of commercial mobile programs.

Would you like to contribute to the NIST effort?

 
This discussion has been archived. No new comments can be posted.
NIST Taking Input for Mobile Security Guidelines | Log In/Create an Account | Top | 10 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by c0lo on Friday August 22 2014, @10:26PM

    by c0lo (156) on Friday August 22 2014, @10:26PM (#84506) Journal

    * Every application runs in a local sandbox, with a fixed amount of memory, processing, etc. Attempts to exceed these limits crashes the app and the sandbox.

    Unfortunately, this will result in a phone/tablet nobody will use today - I suspect this resulted from the amount of resources the phone/tablet has (highly limited RAM/CPU/storage and mainly battery time, as more processing/storage grunt will necessarily needs more energy). Maybe after some years, time required for the battery technology to evolve

    I attempted to learn programming Android a while ago (gave up for the lack of time, thus I might be wrong): the very philosophy of an Android app is the app is actually something that provides services to other application, which will consume those services by registering callbacks - even the GUI of an application is written in this style, I suspect that the Android stack calls into your services and draws itself the GUI as indicated (as opposed to your app owning the GUI).
    E.g. you don't have a library to call and render the Google maps, all you do you ask the "Google map service" (running or started as a "process" on top of the Android stack) to do its job in an area of the screen you indicate and call you back with the results when the user does something.

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2