Regulatory Open Forum

  • 1.  Mobile App software development - data security

    This message was posted by a user wishing to remain anonymous
    Posted 04-Feb-2019 09:33

    Hello everyone,

    I am new to mobile app development and the regulatory documentation that goes into it. To ensure the mobile app is securely downloaded from an app store such as Google Play or Apple store, how can a team validate the download is secure from Google Cloud servers? One of the software requirement specifications for a mobile app is security of the download from the app store.  In other words, how can Google Cloud be validated?  What test can be done to ensure this software requirement is met? Alternatively, can we simply state that a test is not applicable because it is assumed that Google Cloud is a validated platform? 

    Thanks! I would appreciate any insight.


  • 2.  RE: Mobile App software development - data security

    Posted 05-Feb-2019 16:37
    Hello,

    The subject you are asking about is code signing. Speak with your developers and make sure they are signing their code. See these links for more info:

    Code Signing - Support - Apple Developer
    Get links to documentation and best practices for signing your apps.

    Use app signing by Google Play

    App signing provides a secure update mechanism for Android apps. Every Android app is signed cryptographically with a private key by its developer or Google Play. Every private key has an associated public certificate which any device or service can use to verify that the app was signed with a private key from a trusted source.

    ------------------------------
    Michael Reents
    Bradenton FL
    United States
    ------------------------------
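
One way to turn the signing check described in the reply above into a repeatable test, as an added example that is not part of either post: compare the SHA-256 digest of the certificate that signed a downloaded APK with the fingerprint of the expected release certificate. It assumes the Android SDK's `apksigner` tool and its `verify --print-certs` output format; the function names, the sample output and the fingerprint are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Constructed sample of the text printed by
# `apksigner verify --print-certs`; the digest below is a made-up value.
SAMPLE_OUTPUT='Verifies
Verified using v2 scheme (APK Signature Scheme v2): true
Signer #1 certificate DN: CN=Example Release Key, O=Example Org
Signer #1 certificate SHA-256 digest: 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'

# Print the SHA-256 certificate digest of every signer found on stdin, lowercase.
signer_digests() {
    sed -n 's/^Signer #[0-9][0-9]* certificate SHA-256 digest: *\([0-9A-Fa-f]*\).*$/\1/p' |
        tr 'A-F' 'a-f'
}

# Accept fingerprints written as AA:BB:... or as plain hex.
normalise() {
    printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f'
}

# check_signer EXPECTED_SHA256 < apksigner-output
# Passes only when exactly one signer is present and its digest is the expected one.
check_signer() {
    expected=$(normalise "$1")
    digests=$(signer_digests)
    count=$(printf '%s\n' "$digests" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "FAIL: expected 1 signer, found $count"; return 1
    fi
    if [ "$digests" != "$expected" ]; then
        echo "FAIL: signer certificate $digests is not the release certificate"; return 1
    fi
    echo "PASS: signed by the expected release certificate"
}

# verify_apk APK EXPECTED_SHA256: run the real tool, then compare the signer.
# apksigner exits non-zero when the signature itself does not verify.
verify_apk() {
    out=$(apksigner verify --print-certs "$1") || { echo "FAIL: signature invalid"; return 1; }
    printf '%s\n' "$out" | check_signer "$2"
}

# Demo on the constructed sample, with the fingerprint in colon-separated form.
printf '%s\n' "$SAMPLE_OUTPUT" | check_signer \
    "01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF"
```

When app signing by Google Play is enabled, the fingerprint to expect is that of the app signing certificate rather than the upload certificate.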