The Internet of Secure Things Alliance (ioXt), an IoT security certification body, has launched a new security certification for VPN and mobile apps.
IoXt’s new compliance program includes a “mobile application profile,” a set of security criteria against which applications can be certified. The profile or classification of the mobile application includes additional requirements for virtual private network (VPN) applications.
Google and Amazon participated in the development of these criteria, along with several certified labs such as NCC Group and Dekra, and mobile app security testing providers such as NowSecure. Google’s VPN, Google Secure Access (GSA), as part of the Google One service, is one of the first to be certified against these criteria.
The Alliance brings together leaders from Amazon, Google, and Facebook
Mobile app developers can certify their apps against a number of security and privacy requirements. The ioXt Alliance is made up of a wide range of members drawn from the technology sector, its board of directors is made up of executives from Amazon, Comcast, Facebook, Google, Legrand, Resideo, Schneider Electric, T-Mobile, Alliance Zigbee, and Z – Wave Alliance.
Some 20 industry figures were involved in drafting the profile requirements for mobile apps, including Amit Agrawal, senior security architect at Amazon, and Brooke Davis of Google Play’s strategic partnerships team. They are both vice presidents of the mobile app profiles group.
Mobile Application Profile Certification includes insecure interface checks, automatic updates, strong password management, default security, and software verification assessment. It also takes into account vulnerability notification schedules and end-of-life policies.
Certified Consumer VPN
According to Brooke Davis, since the ioXt Alliance already performs security checks for IoT devices, it was decided to extend the coverage to the applications that manage these devices. “We’ve seen early interest from IoT and VPN developers, but the standard is suitable for any cloud-connected service, such as social, messaging, fitness, or productivity apps,” she explains.
Certified consumer VPNs include Google One (which has a built-in VPN service), ExpressVPN, NordVPN, McAfee Innovations, OpenVPN for Android, Private Internet Access VPN, and Private VPN.
VPN app accreditation can be helpful for Android owners as Google has to remove malicious VPNs from the Google Play Store from time to time.
Via: ZDNet
