Making Your Agency Apps Secure

Jan 21, 2016

It’s Saturday night: Do you know what your mobile app is doing?

Securing your mobile device is hard (no matter what day of the week). And there are numerous threats that can be posed by the apps on your device: an app could be spying on you, stealing your money, stealing data or reconfiguring the settings on your device.

Mobile security and antivirus protection concept

Scanrail/iStock/Thinkstock

Security and privacy are part of the six Mobile User Experience Guidelines developed by the MobileGov Community of Practice. A recent webinar dove further into guideline six: Develop security and privacy guidelines with regard to what the app does and how it protects user data and government systems.

Vincent Sritapan, program manager for the Department of Homeland Security Advanced Research Projects Agency (HSARPA), is responsible for overseeing DHS Science and Technology’s Mobile Security research and development projects. The projects are aimed at accelerating the adoption of secure mobile technologies by government and industry.

During the webinar, Sritapan discussed DHS’s efforts to enable the use of secure mobile apps. One of the goals is consistent, repeatable mobile application security testing.

A 3-D white thief figure trying to break into a smart phone with a safe door.

nicomenijes/iStock/Thinkstock

DHS works with the Federal CIO Council’s mobile technology Tiger Team to vet apps and share information across agencies. DHS also works to identify and remediate coding flaws that can impact the security of apps. One common flaw that developers make is giving an app access to a device’s camera when that app does not use the camera’s functionality.

Sritapan offered other tips and noted that the future of mobile security is a collaboration between government and industry. During the second half of the webinar, Josh Bentley from Redhat spoke about how industry tools can support government efforts for secure app development.