Analyzing the Effectiveness of App Vetting Tools in the Enterprise
Abstract
Enterprises invest significant resources in mobile application vetting to determine whether apps are safe to deploy on mobile devices. Application vetting seeks to identify security vulnerabilities and malicious or privacy-violating behaviors in applications. It generally involves a time- and labor-intensive effort, resulting in high costs and delays in approving apps for use. Additionally, mobile application developers often operate on a rapid development cycle, where manual vetting approaches cannot keep up with the releases of new application versions. Mobile application vetting solutions exist that can help enterprises automate the mobile application vetting process. This report provides guidance to enterprises on how to assess the feasibility of applying these solutions, including MITRE's methodology, evaluation criteria, test applications, and overall results from MITRE's 2016 analysis of available solutions. MITRE created criteria to evaluate the ability of these solutions to assess apps against requirements in the NIAP Protection Profile for Application Software, as well as additional criteria for broader application vetting solution capabilities, threats against the application vetting solution itself, and other common mobile application vulnerabilities and malicious behaviors.
Document Details
- Document Type: Technical Report
- Publication Date: Aug 22, 2016
- Accession Number: AD1108045
Entities
People
- Carlton Northern
- Michael Peck
Organizations
- MITRE Corporation