Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vetting the Security of Mobile Applications



Michael Ogata, Josh Franklin, Jeff Voas, Vincent Sritapan, Stephen Quirolgico


Mobile applications are an integral part of our everyday personal and professional lives. As both public and private organizations rely more on mobile applications, ensuring that they are reasonably free from vulnerabilities and defects becomes paramount. This paper outlines and details a mobile application vetting process. This process can be used to ensure that mobile applications conform to an organization's security requirements and are reasonably free from vulnerabilities.
Special Publication (NIST SP) - 800-163 Rev. 1
Report Number
800-163 Rev. 1


app vetting, app vetting system, malware, mobile applications, mobile security, NIAP, security requirements, software assurance, software vulnerabilities, software testing


Ogata, M. , Franklin, J. , Voas, J. , Sritapan, V. and Quirolgico, S. (2019), Vetting the Security of Mobile Applications, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed June 14, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created April 18, 2019, Updated October 12, 2021