Mobile applications play an important role in today's business and government, as well as becoming ever more entrenched in our personal daily lives. Mobile applications differ from the traditional world of computing not only because they are 'always on' but also they are 'always on us.' Whether they are accessing our bank accounts or using a GPS location to find a nearby restaurant, their unprecedented access to data greatly affects our lives. Vulnerabilities in mobile applications stand to expose, damage, or destroy this vital data. The Mobile Application Tool Testing project seeks to understand and evaluate tools and services that identify vulnerabilities in mobile applications.
As mobile application increase in use in the public and private sector, processes for evaluating mobile applications for software vulnerabilities are becoming more commonplace. NIST defines the work flow for this process in NIST SP 800-163 Vetting the Security of Mobile Applications.
A key part of this process relies on the quality of the tools being used to detect vulnerabilities. This project seeks to further the state of these technologies by studying their capabilities and competencies.
In 2012, the US Government established the First Responder Network Authority (FirstNet), with the goal of establishing and maintaining the nations' first public safety broadband network. FirstNet began its network roll-out in 2017. FirstNet will foster the adoption of mobile applications for use by public safety officials. These applications will have higher requirements for security that applications utilized by the general public. The Mobile Application Tool Testing project works closely with another NIST research group, Public Safety Communications Research (PSCR) to identify how mobile application vetting technologies can be used to help secure public safety mobile applications
The goal of the Mobile Application Security Exercise (MASE) Project is to gain a better understanding of the state-of-the-art in mobile application vetting tools. To achieve this goal, the following activities were undertaken: