
Google to participate in setting standards for mobile app security

Articles – From the horse’s mouth

Google

A standard and certification program now exists for mobile application security

A New Standard for Mobile App Security (Google Security Blog post)

Internet Of Secure Things Alliance (ioXT)

ioXt Alliance Expands Certification Program for Mobile and VPN Security (Press Release)

Mobile Application Profile (Reference Standard Document – PDF)

My Comments

There is a constant data-security and user-privacy risk associated with mobile computing.

This is underscored by the significant number of mobile apps that are part of “app-cessory” ecosystems for various Internet-of-Things devices, where a mobile app serves as a control surface for one of these devices. Let’s not forget that VPNs are coming to the fore as a data-security and user-privacy aid for our personal-computing lives.

Image: ioXT logo, courtesy of Internet of Secure Things Alliance. Expect this to appear alongside mobile-platform apps to signify they are designed for security.

But how can we be sure that an app that we install on our smartphones or tablets is written to best security practices? What is being identified is a need for an industry standard supported by a trademarked logo that allows us to know that this kind of software is written for security.

A group called the Internet of Secure Things Alliance, known as ioXT, have started to define basic standards for secure Internet-of-Things ecosystems. Here they have defined various device profiles for different Internet-of-Things device types and determined minimum and recommended requirements for a device to be certified as being “secure” by them. This then allows the vendor to show a distinct ioXT-secure logo on the product or associated material.

Now Google and others have worked with ioXT to define a Mobile Application Profile that sets out minimum security standards for mobile-platform software in order to be deemed secure by them. At the moment, this is focused towards app-cessory software that works with connected devices along with consumer-facing privacy-focused VPN endpoint software. For that matter, Google is behind a “white-box” user-privacy VPN solution that can be offered under different labels.

This device profile has been written in an “open form” to cater towards other mobile app classes that need to have specific data-security and user-privacy requirements. This will come about as ioXT revises the Mobile Application Profile.

Conclusion

The ioXT Internet-of-Secure-Things platform could be extended to certifying more classes of native mobile-platform and desktop-platform software that works with the Internet of Everything. The VPN aspect of the Mobile Application Profile can also apply to native desktop VPN-management clients or native and Web software intended to manage router-based VPN setups.

At least a non-perpetual certification program with a trademarked logo now exists for the Internet of Everything and mobile apps to assure customers that the hardware and software are secure by design and default.

A logo-driven certification program arrives for USB-C chargers

Article

USB-IF announces compliance for USB Type-C devices | Android Authority

From the horse’s mouth

USB Implementers Forum

Press Release (PDF)

Image: Certified USB Charger Logo and Compliance Program Infographic, courtesy of USB Implementers Forum

My Comments

The USB standard has effectively become a “DC power supply” standard for smartphones and tablets. This has avoided the need to end up with a desk drawer full of power supplies and battery chargers with the associated question of which one works with which device. It has also led to various points of innovation like USB external battery packs and multiple-outlet USB “charging bars”. Similarly, gadgets like lights, fans and cup warmers have also appeared that can be powered from a computer’s USB port or a USB charger.

There was also the environmental view that we will see fewer chargers destined for landfill when devices are finally retired, or less need to supply chargers with mobile phones. But a common reality is that most of these USB chargers end up being kept near or plugged into power outlets around the house more as a way of allowing “convenience charging” for our gadgets.

But the problem has surfaced where particular USB chargers don’t do the job properly when charging particular devices, especially high-end smartphones or tablets. Here, you need to be sure that you use something like a 2.1A charger for these devices and have them connected using a cable known to work.

The new USB Type-C standard is bringing this concept as a low-profile connection for newer smartphones along with using the USB Power Delivery standard to extend this convenience to larger tablets and laptops. But there have been situations where substandard USB Type-C leads and chargers have been appearing on the market, placing our new gadgets at risk of damage due to them being improperly powered.

Now the USB Implementers Forum have brought forward a certification program for USB Type-C chargers and leads with this program augmented by a logo. What will happen is that a charger or external battery pack will have to show this logo and state its power capacity in watts so you can be sure it will charge your Ultrabook or 2-in-1 as well as your smartphone.

What should be required is that the logo and the power output are stamped on the charger body itself and that a colour code is standardised for the power output. Having such a colour code could be useful when recognising which charger from a bunch of chargers could handle your gadget or which one is the right one to buy when you look at that display rack.

At least something is being done to make it easier to be sure we end up with the right USB Type-C power-supply device for that 2-in-1 Ultrabook or smartphone without the risk of the computer not charging or being damaged.