Coming soon: Certification for mobile app developers

The next time you use an application on your smartphone, give this a thought: Did the developer who created the app build security in from the very start? Too often the answer is no. CompTIA and viaForensics are addressing this gaping hole with a new Secure Mobile App Developer certification.

Now that mobility has reached a critical mass, many companies are downloading or creating applications explicitly for today's smart platforms, either for internal use or to share with customers. Unfortunately, for many of these applications -- especially the ones publicly available for download -- security was an afterthought. CompTIA and viaForensics are on a mission to change that.

These two organizations are joining forces to create training and a professional certification called the CompTIA Secure Mobile App Developer. The idea is to ensure that developers have the knowledge and skills to design and build applications with security built in from the start. Both the course and the certification should be available in the second quarter of 2012.

IN THE NEWS: AT&T's app developer billing scheme: Will app makers buy in?

The genesis of the certification comes from forensic investigations conducted by viaForensics. (If this company sounds familiar, you may have read last week's article, "Using forensics to deeply understand the security impact of iOS and Android in the enterprise.") In the course of performing investigations for clients, viaForensics often finds enormous amounts of sensitive data on smartphones that would place consumers or businesses at risk. Chief Investigative Officer Andrew Hoog says the data typically gets on the devices through poorly designed apps, and the only people who benefit from it being there are "the bad guys."

"There are 500,000 applications available for Android or iOS," says Hoog, "and many of them are written by novices with no prior development experience. Even applications written by big companies sometimes have security issues." As more and more applications come onto the market, "things are not heading in a direction that's going to be good for the user," says Hoog.

"One of the most important ways to address this mobile security issue is to get education out to the developers," according to Hoog. "These are the people who have the largest impact on security. If you secure the apps, you don't have to worry about sensitive information being left on the device or being susceptible to man-in-the-middle attacks." Hoog believes it's essential to train the developers, provide them with a professional certification, and help companies make decisions for hiring qualified people that know secure mobile development.

viaForensics is designing the training for the new CompTIA certification. The training doesn't teach people how to code. Rather, students will learn how to bake security into applications from the very start. "You can't bolt it on later," says Hoog.

In a break from CompTIA tradition, the Secure Mobile App Developer certification will be somewhat vendor-specific. There will be two versions of the certification -- one for Apple's iOS platform, and another for Google's Android platform. This recognizes the leader role the two vendors play in the mobile device market.

There are no prerequisites for students who want to pursue the certification. However, they do need to have some level of coding experience and basic knowledge of the mobile app development tools. "This is a base level certification that could be used by vendors such as Microsoft or Sun/Oracle as a foundational credential for their own certifications," says Hoog.

According to Terry Erdle, CompTIA vice president for skills development, the new certifications are designed to meet the global demand for secure mobile applications. "Our philosophy is to get people trained to make sure there is a sufficient workforce out there that knows how to do things with best practices and can push the industry along in the right direction."

Erdle says that CompTIA will bring to market this year a number of mobility certifications, including how to architect a secured wireless environment. "The app developer certification is just the first phase," he hints.

Linda Musthaler is a principal analyst with Essential Solutions Corporation. You can write to her at LMusthaler@essential-iws.com.

______________________________________________________________

About Essential Solutions Corp:

Essential Solutions researches the practical value of information technology, and how it can make individual workers and entire organizations more productive. Essential Solutions offers consulting services to computer industry and corporate clients to help define and fulfill the potential of IT.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:

Copyright © 2012 IDG Communications, Inc.

IT Salary Survey: The results are in