An IoT security certification organization the Internet of Secure Things Alliance or ioXt has issued a new security certification for mobile apps for IoT devices and VPNs. April 15 it announced the expansion of its ioXt Compliance Program with new requirements for VPN applications.
The ioXt Alliance’s board comprises top brass from Amazon, Comcast, Google, Facebook, Resideo, Legrand, Schneider Electric, T-Mobile, the Zigbee Alliance, and the Z-Wave Alliance.
The new ioXt compliance program includes a “mobile application profile” which defines a set of cybersecurity criteria and requirements for virtual private network (VPN) applications
that they can be certified against.
According to Google Play’s Brooke Davis, the ioXt decided since the ioXt Alliance already checks IoT devices, then it made sense to expand coverage to apps that managed these devices.
“We’ve seen early interest from Internet of Things and virtual private network developers, however the standard is appropriate for any cloud-connected service such as social, messaging, fitness, or productivity apps,” said Davis.
The ioXt has worked with companies like Google and Amazon had, with a number of certified labs such as NCC Group and Dekra, and mobile app security testing vendors such as NowSecure. In total, almost 20 two dozen tech figures helped to shape the requirements for the mobile app profile. Among them, Amit Agrawal, Amazon’s principal security architect, and Google Play’s Brooke Davis.
The mobile app profile contains requirements for interface security, automatic updates, secure password management, security by default, software verification checks, and end-of-life policies.
Google’s Google One VPN service was among the first apps certified against the new criteria.
Other VPNs that have been certified include ExpressVPN, NordVPN, McAfee Innovations, OpenVPN for Android, Private Internet Access VPN, and VPN Private.