AppVet speeds mobile devices, apps to the battlefield

 

Connecting state and local government leaders

The NIST AppVet project developed a framework to evaluate hardware and software for off-the-shelf smartphones in military field operations.

The military’s desire for secure, reliable and inexpensive mobile devices and apps has led to the development of a simple, open-source web service and framework for vetting mobile applications that can be used across government and by commercial developers.

Project at a glance

Project: AppVet

Office: National Institute of Standards and Technology, in collaboration with George Mason University, under the DARPA TransApps program

Technology used: A framework of software assurance methodology, power and reliability analysis techniques, and standards-based cryptographic solutions

Time To Implementation: Project began in early fiscal 2012, and the framework became operational that year. Funding ended in April 2014

Before: Military personnel in the field had to use costly, heavy communications equipment with limited functionality, or acquire and test commercial devices that were outdated by the time they could be put to use.

After: Personnel have access to current commercial devices and applications that can be tested in hours. AppVet has tested thousands of applications, exposing numerous security vulnerabilities.

AppVet, which is available as a free open source download, is a framework that speeds the testing workflow with a user friendly interface for submitting apps, accessing reports and assessing risk. Application Program Interfaces also let AppVet be easily integrated with a variety of clients, including app stores and third-party analysis tools, both static and dynamic.

The tool was developed under the Defense Advanced Research Projects Agency’s TransApps program by a team headed by the National Institute of Standards and Technology and which included George Mason University.

“It’s been used as an operational system since 2012,” said Craig Schlenoff, group leader of the Cognition and Collaboration Systems Group in the Intelligent Systems Division at NIST.

The first users were in the Defense Department, which has used it to securely deploy more than 3,000 commercial smartphones in the battlefield. The departments of Justice and Homeland Security were also interested in adopting AppVet, and it was used to test mobile devices that were used to provide security for the 2012 presidential inauguration. “It’s slowly picking up steam, and people are getting interested in it,” Schlenoff said.

NIST was approached by DARPA for help in putting commercial mobile devices and applications more quickly into the hands of warfighters. Their challenge was to quickly vet the security and reliability of the hardware and software for military needs on a large scale. NIST led a multi-organizational effort that developed innovative methods for security, testing and evaluation of hardware and software to securely deploy off-the-shelf smartphones and applications in military field operations.

Facing intense pressure, high stakes and complex technical challenges, the team developed an unprecedented security infrastructure and evaluation framework, accelerating the deployment of secure devices into a harsh environment.

AppVet uses software assurance methods, power and reliability analysis techniques as well as standards-based cryptographic solutions. The NIST team also designed a unique smartphone security architecture lets the government keep pace with the fast-paced mobile industry while adhering to strict security requirements, replacing the costly model of long development times and government-specific solutions.

The NIST tool is also is a meaningful reference implementation for the private sector that can help in the development of secure devices and applications. This can help agencies solve problems associated with the bring-your-own-device movement, which can introduce unmanaged and untrusted personal devices into the government workplace.

Since becoming available in 2012, AppVet has proved itself by eliminating the need for older, heavy radio equipment in the field, improving situational awareness and helping to save soldiers’ lives. In one instance, soldiers in Afghanistan surrounded by the Taliban were able to use a mobile device to pinpoint an enemy position and direct fire at them. In another, a Medevac app was used to locate a helicopter landing zone so that a wounded soldier could be quickly evacuated, saving precious minutes.

The effort not only brought together both academic and government researchers and developers, but also allowed researchers from different departments at NIST – the Information Technology Lab and the Engineering Lab – to work together.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.