App Catalog

FirstNet Applications

One of the core objectives of the FirstNet experience is to provide a reliable, highly secure and interoperable ecosystem for the public safety community. To help achieve that objective we have created the App Catalog and an Application Certification Program. A recent study published in December of 2017 by the Department of Homeland Security reported that 55% of mobile applications commonly used by the public safety community were found to have high-risk vulnerabilities.  Comparatively it can be argued that public safety developers have been more successful than developers in other categories (finance and health care for example) in reducing vulnerabilities in their mobile apps, however it is still unacceptable to have such a high rate of risk to cyber exploitation. The first task of the App Catalog and Certification Program is to reduce the risks of cyber-attacks and exploitations in mobile applications use by first responders and the public safety community. If a highly secure set of tools can be provided, then the path to interoperability has one less hurdle to clear.

The App Catalog

The App Catalog combines the benefits of both public and private app stores. The Catalog is a single location where all mobile applications that have been accepted into the program are listed. The FirstNet Catalog functions much like a private app store in that it is not open to the general public, but it uses the distribution system provided by public app stores – the Apple App Store and Google Play. Each app is essentially the mobile front-end of cloud based software designed to solve specific public safety problems. We often refer to the back-end software and administrative interfaces as solutions; collectively Apps & Solutions.  Administrators have a specific view of the available Apps & Solutions that can be purchased under the FirstNet program with a FirstNet rate plan. In addition, solutions and their companion applications that can be purchased from independent software providers are also listed.

Mobile applications are listed in two basic tiers, “Certified” and “Reviewed”. To earn a “Certified” status an app must go through a battery of scans, performance tests and scrutiny performed by developers and a cross functional team of experts staffed from FirstNet, AT&T and Sapient Government Solutions.  The criteria to earn a “Reviewed” status is very similar but slightly less demanding. The process evaluates the applications relevancy to the public safety mission, system availability, security, data privacy, scalability, resiliency and resource usage.

FirstNet Certified & Reviewed Applications

FirstNet Certified

• Developers are required to provide an attestation that an application is capable of delivering 99.99% Service Level Availability.
• Developers must provide a valid source code scan as performed by a reputable firm such as Checkmarx Cx Suite^TM or Fortify Static Code Analyzer^TM.
• Binary scans and additional vulnerability testing is performed by the security assessment team.
• Application access permissions and data handling as well as privacy disclosures are reviewed.
• Developers are required to submit documentation and performance tests to ascertain the applications scalability, resiliency and resource usage.
• Evaluations are completed within 6-7 weeks provided all required documents are submitted on time.

The criteria for FirstNet Reviewed applications are similar.

FirstNet Reviewed

• Developers are required to provide an attestation that an application is capable of delivering 99.9% Service Level Availability.
• Binary scans and additional vulnerability testing is performed by the security assessment team.
• Application access permissions and data handling as well as privacy disclosures are reviewed.
• Developers are required to submit documentation and performance tests to ascertain the applications scalability, resiliency and resource usage.
• Evaluations are completed within 6-7 weeks provided all required documents are submitted on time.

The App Catalog also provides Administrators access to tools designed to make distributing mobile applications to end users easier. They are able to sort apps by relevant category, public safety discipline or mobile operating system. Each mobile app is listed with a description of features and benefits, version details, screen shots of what the app looks like, as well as ratings and reviews specifically relevant to public safety. The main feature of the App Catalog enables administrators to easily import applications from the Catalog into their own Mobile Device Management or Enterprise Mobility Management service to be distribute to end user devices according to that agency’s or organization’s device and content management policy. Applications can also be downloaded directly from the App Catalog by end users who do not subscribe to Mobile Device Management or Enterprise Mobility Management.

Since going live in September, new Applications are being submitted on a regular basis under a wide range of categories specifically relevant to public safety, including:  Communication Tools, Device Security, Secure Connections, Cloud Solutions, CAD Solutions, Video Surveillance, In-Building Coverage & Mapping, Situational Awareness, Cyber Security, Forensic Intelligence and Public Safety Community.

Providing applications that public safety professionals and volunteers alike can be confident using on the job is the first step in providing a reliable, highly secure and interoperable ecosystem for the public safety community.