NIST shares tool for vetting mobile apps

The National Institute of Standards and Technology has launched a web-based application for developers to assess their self-created mobile apps for risk and hosting requirement conformity. The app, called AppVet, is free to use and is designed to be accessed through a browser. 

While NIST does not host or run AppVet for public use -- "NIST does not accredit or approve apps," the project's FAQ flatly states -- the tool can be downloaded and run by any interested organization.

“AppVet is a simple web-based application for vetting mobile apps,” according to NIST. “It facilitates the app vetting workflow by providing an intuitive user interface for submitting and testing apps, accessing reports, and assessing risk.”

The process begins when someone submits an app, which is analyzed by extracting its metadata. Once analyzed, additional functionality can be provided according to the requirements of the hosting organization. The app and its information are then sent to other tools for assessment and an overall report is generated.

It was designed for developers, analysts and app stores and can be easily integrated with third-party tools, such as static and dynamic analyzers, anti-virus scanners and vulnerability repositories. And the risk assessment that it generates is ultimately determined by those third-party components.  Users are strongly urged to use a standardized approach such as the Common Vulnerability Scoring System to make risk assessments.

About the Author

Reid Davenport is an FCW editorial fellow. Connect with him on Twitter: @ReidDavenport.


  • 2018 Fed 100

    The 2018 Federal 100

    This year's Fed 100 winners show just how much committed and talented individuals can accomplish in federal IT. Read their profiles to learn more!

  • Census
    How tech can save money for 2020 census

    Trump campaign taps census question as a fund-raising tool

    A fundraising email for the Trump-Pence reelection campaign is trying to get supporters behind a controversial change to the census -- asking respondents whether or not they are U.S. citizens.

  • Cloud
    DOD cloud

    DOD's latest cloud moves leave plenty of questions

    Speculation is still swirling about the implications of the draft solicitation for JEDI -- and about why a separate agreement for cloud-migration services was scaled back so dramatically.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.