Vetting the Security of Mobile Applications

Quirolgico, Stephen; Voas, Jeffrey; Karygiannis, Tom; Michael, Cristoph; Scarfone, Karen

doi:https://doi.org/10.6028/NIST.SP.800-163

July 19, 2023: URLs for CSRC publication details pages have changed. Legacy URLs should automatically redirect to the new URLs. However, links to the actual publications have NOT changed (e.g., DOIs and PDFs on nvlpubs.nist.gov). Please send inquiries to csrc-inquiry@nist.gov.

NIST SP 800-163

Withdrawn on April 19, 2019. Superseded by SP 800-163 Rev. 1

Vetting the Security of Mobile Applications

Documentation Topics

Date Published: January 2015

Author(s)

Stephen Quirolgico (NIST), Jeffrey Voas (NIST), Tom Karygiannis (NIST), Cristoph Michael (Leidos), Karen Scarfone (Scarfone Cybersecurity)

Abstract

Today's commercially available mobile devices (e.g., smartphones, tablets) are handheld computing platforms with wireless capabilities, geographic localization, cameras, and microphones. Similar to computing platforms such as desktops and laptops, the user experience with a mobile device is tied to the software apps and the tools and utilities available. The purpose of this document is to provide guidance for vetting 3rd party software applications (apps) for mobile devices. Mobile app vetting is intended to assess a mobile app’s operational characteristics of secure behavior and reliability (including performance) so that organizations can determine if the app is acceptable for use in their expected environment.

Keywords

malware; mobile apps; mobile devices; smartphones; software reliability; software security; software testing; software vetting

Control Families

Planning; Risk Assessment; System and Communications Protection

Documentation

Publication:
https://doi.org/10.6028/NIST.SP.800-163
Download URL

Supplemental Material:
Press Release

Document History:
01/26/15: SP 800-163 (Final)

Topics

Security and Privacy

planning, security automation, threats, vulnerability management

Technologies

mobile