Developing a FirstNet Class App – By Daniel Madsen

by Administrator Mar 29, 2019
Categories:
  • FirstNet App Governance Program

FirstNet’s priority is to offer mobile apps in our catalog that are free of malware and severe security vulnerabilities. Although the FirstNet team goes to great lengths to confirm that the network and devices are trustworthy, it is just as vital for developers to produce apps that can stay secure when attacked. When developing mobile apps, treat mobile handsets as untrusted platforms. Security functions should therefore not be delegated to the mobile platform, because functions that run there can be tampered with. Start with the worst-case assumption that a hacker has rooted and completely controls the device, and design, code, and security test to safeguard the integrity and reliability of the apps our first responders depend upon. On some phones, for instance, the schemas and contents of the databases that support notes, phone logs, contacts, email, SMS messages and many other core applications can be viewed and changed by an attacker.

One of the first steps for FirstNet developers is to identify risks that can be mitigated through best practices and standards of architecture and code development. The following list is not exhaustive, but it addresses the most prominent risks. Links to reputable websites providing additional information are included.

  1. Injection attacks, which apply to both mobile and server applications, seek to disclose or inject information, or cause malfunctions of applications through buffer overflows, web-based attacks, and database attacks. See: https://www.owasp.org/index.php/Injection_Flaws
  2. Authentication attacks seek to bypass access controls by guessing PINs or passwords until the attacker gains access to an application or device. See: https://www.owasp.org/index.php/Mobile_Top_10_2016-M4-Insecure_Authentication
  3. Escalation of privilege attacks exploit defects in code and Application Programming Interfaces (APIs) to enable a user to perform functions they are not authorized to perform. See: https://www.owasp.org/index.php/Mobile_Top_10_2016-M6-Insecure_Authorization
  4. Backdoor attacks utilize unauthorized access methods to bypass authorization mechanisms. See: https://www.owasp.org/index.php/Mobile_Top_10_2016-M10-Extraneous_Functionality
  5. Platform attacks may include manipulation of database schemas and data, snooping on or changing customer data on devices, and manipulating the code associated with an application. See: https://www.owasp.org/index.php/Mobile_Top_10_2016-M8-Code_Tampering
  6. Malware and network-based attacks are not specific to mobile devices. Attacks may be directed against mobile devices themselves, against server-side applications that provide backend functionality, or against the communications network.

Not included in this list are social engineering attacks (phishing, sharing passwords, etc.), which all FirstNet developers must guard against.
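The sketch below is an added example, not code from FirstNet or the original post. It shows the untrusted-handset principle applied to item 2: the PIN attempt counter and lockout live on the server, and any counter the app reports is ignored. The class name, the `client_reported_failures` parameter and the policy values are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5        # assumed policy: failed attempts before lockout
LOCKOUT_SECONDS = 300   # assumed policy: lockout duration


class PinVerifier:
    """Server-side PIN check; attempt state never leaves the server."""

    def __init__(self):
        self._users = {}     # user -> (salt, pin_hash)
        self._failures = {}  # user -> (failure_count, locked_until)

    @staticmethod
    def _hash(pin, salt):
        # Slow salted hash so a stolen table is costly to brute-force.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def enroll(self, user, pin):
        salt = os.urandom(16)
        self._users[user] = (salt, self._hash(pin, salt))

    def verify(self, user, pin, now, client_reported_failures=0):
        # client_reported_failures is deliberately ignored: on a rooted
        # device the app's own counter can be reset or forged.
        count, locked_until = self._failures.get(user, (0, 0.0))
        if now < locked_until:
            return "locked"  # refuse before evaluating the PIN at all

        # Unknown users get a dummy record so the work done is the same.
        salt, expected = self._users.get(user, (b"\0" * 16, b""))
        if hmac.compare_digest(self._hash(pin, salt), expected):
            self._failures.pop(user, None)
            return "ok"

        count += 1
        if count >= MAX_FAILURES:
            # Start the lockout window and reset the counter for afterwards.
            self._failures[user] = (0, now + LOCKOUT_SECONDS)
            return "locked"
        self._failures[user] = (count, 0.0)
        return "denied"
```

The `now` argument is passed in rather than read from the clock so the lockout behaviour can be tested deterministically; a real service would persist the failure state rather than hold it in memory.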

Security is vital – anywhere, everywhere; it’s even more vital when we are talking about assets created for public safety.
