ioXt Alliance Launches A New Security Certification For Mobile Apps

The Internet of Secure Things Alliance Expands Certification Program for Mobile and VPN Security

Recently, the ioXt Alliance, the Global Standard for IoT security announced that it has launched a new security certification for mobile apps and VPNs.

ioXt Alliance said that it has expanded its ioXt Compliance Program with a new mobile application profile with added requirements for VPN applications. These new security standards will bring more transparency and visibility to consumer and enterprise buyers, to advance security in the IoT industry as a whole. 

More than 20 industry stakeholders, including Google, Amazon, and a bunch of certified labs like NCC Group and Dekra, and automated mobile app security testing vendors such as NowSecure collaborated to develop this new security standard for mobile apps. 

ioXt has more than 300 members across various industries, and covers a wide range of device types, including smart lighting, smart speakers, and webcams. As most smart devices are managed via apps, ioXt has expanded coverage to include mobile apps with the launch of this profile.

"We’ve seen early interest from Internet of Things (IoT) and virtual private network (VPN) developers, however, the standard is appropriate for any cloud-connected service such as social, messaging, fitness, or productivity apps." wrote Google

Source: Google

The Mobile Application Profile sets commercial best practices for all cloud-connected apps running on mobile devices. This security baseline helps mitigate against common threats and decreases the chances of significant vulnerabilities. The profile follows existing standards and principles set forth by OWASP MASVS and the VPN Trust Initiative. And it enables programmers to differentiate security capabilities around cryptography, authentication, network security, and vulnerability disclosure program quality.

Google said that it has observed that app developers were very quick to resolve any issues that were discovered during their blackbox evaluations against this new standard, many a time with turnarounds in a matter of days. The company looks forward to seeing the adoption of the new standard grow over time and for those app developers that are already investing in security best practices to be able to highlight their efforts.