Vetting Mobile Apps
July/August 2011 (vol. 13 no. 4)
pp. 9-11
Steve Quirolgico, National Institute of Standards and Technology
Jeffrey Voas, National Institute of Standards and Technology
Rick Kuhn, National Institute of Standards and Technology

Billions of copies of apps for mobile devices have been purchased in recent years. With this growth, however, comes an increase in the spread of potentially dangerous security vulnerabilities. Because apps are low in cost and proliferate widely, the threat posed by these vulnerabilities could be far greater than that facing traditional computers. Thus, purchasing organizations or third-party labs should vet the apps before selling them, and consumers need to understand the risks of apps and the prospects for ensuring their security.


Index Terms:
Keywords: mobile devices, apps, security, information technology
Citation:
Steve Quirolgico, Jeffrey Voas, Rick Kuhn, "Vetting Mobile Apps," IT Professional, vol. 13, no. 4, pp. 9-11, July-Aug. 2011, doi:10.1109/MITP.2011.73