The Mobile Application Profile provides a minimal set of industry best practices for all applications on mobile devices.
Google is actively promoting a new standard designed to strengthen the basic security of mobile applications. The Mobile Application Profile standard was developed by the Internet of Secure Things Alliance (ioXt), a consortium of more than three hundred members, including Google, Facebook, T-Mobile, Zigbee Alliance, and Schneider Electric.
“With the participation of so many companies, ioXt covers a wide range of different types of devices, including smart lighting systems, smart speakers and webcams, and since most smart devices are controlled through apps, it has expanded its reach to include mobile apps at launch,” Brooke Davis and Eugene Liderman of the Android Security and Privacy Team said.
ioXt's Mobile Application Profile provides a minimum set of industry best practices for all cloud-connected applications running on mobile devices. This basic security helps counter common threats and reduces the potential for attackers to exploit dangerous vulnerabilities.
The Mobile Application Profile covers passwords, interfaces, encryption, software updates, vulnerability reporting, and security by default. The standard is based on the OWASP MASVS and VPN Trust Initiative frameworks. While mobile applications need only be certified with the Mobile Application Profile, VPN applications must also comply with a dedicated VPN extension.
“The certification will enable developers to demonstrate the safety of a product, and we are very pleased with this standard's ability to move the industry forward. We noticed that the application developers were very quick to resolve any issues identified during the black box strategy standard testing, often fixing bugs within a few days,” noted Davis and Liderman.
Black box testing, or behavioral testing, is a strategy (method) for testing the functional behavior of a program from the point of view of the outside world, without using any knowledge of its code. In other words, black box testing is done by testers who do not have access to the source code of the application.