The FirstNet Developer Program fosters an ecosystem of innovation, enabling the delivery of actionable data through public safety applications and devices, giving first responders the advanced technologies they need. Developers have participated in the FirstNet Developer Program since its launch in 2017, but the App Review Teams have found common mistakes with app submissions that have slowed approval of apps. Common mistakes have included not submitting all of the required documents, not including remediation plans for all vulnerabilities in the scan report, or not providing test credentials with the developer checklist.
The purpose of this blog is to provide you with a clearer set of guidelines so that when you submit apps for FirstNet review, they meet FirstNet requirements. Package all of these required documents into a zip file and submit them for each app submission on the FirstNet Developer Portal.
Developer Checklist: The Developer Checklist is used to assess app functionality as well as relevancy to public safety. You may download the ‘Developer Checklist’ workbook from the Resources page on the FirstNet Developer portal. Please complete the developer checklist, denoting N/A if a question is not applicable. The checklist should have supporting documents and at least two sets of test credentials for each app submission. Before you submit your app, make sure you go over the “Submission Checklist” tab to verify that all FirstNet requirements are met.
Security Scans: FirstNet is committed to providing the public safety community with highly secure apps. For FirstNet Certified applications, a detailed source code scan report using either Checkmarx Cx SuiteTMor Fortify Static Code AnalyzerTM is required. For FirstNet Reviewed applications, analyze the mobile app utilizing Checkmarx Cx SuiteTM, Fortify Static Code AnalyzerTM*, or VeracodeTM static analysis tools. Within the detailed scan reports, vulnerabilities will be identified as high/critical, medium, or low impact, or informational. High vulnerabilities must be fixed prior to submission of the app. For each medium, low, and informational vulnerability, an explanation of why the issue is not exploitable and a remediation plan with fix date, must be documented right next to each vulnerability in the scan report.
App Optimizer Results: The AT&T Video Optimizer tests the app and helps developers streamline mobile app performance and improve video streaming, free of charge. After testing the app, provide the screen shot of the Video Optimizer Tests Conducted page and the full trace results of the app.
Certification and approval of applications can take anywhere from four to six weeks. However, if an app submission does not follow these guidelines, the App Review Process is halted until the app submission is complete. Please follow these guidelines so that your app can be made available to help improve the performance and efficiency of first responders and agencies today!
For more information on app submission guidelines and requirements, visit the Submission page.
Contact the FirstNet Developer Program with any questions!