Standard of mobile application development (Natsstandart 277-2018)
By order of Rosstandart, the national standard 277-2018, "The Russian quality system. Cross-validation testings of mobile applications for smartphones", was approved on July 10, 2018. The document takes effect on October 1, 2018 for a period of 3 years. In 2021 the standard will be given the status GOST P.
2018: The preliminary standard of mobile application development is approved
The state has approved a preliminary standard for mobile application development, according to a Rosstandart statement published on the department's website on July 10, 2018. The requirements are advisory, but, according to the authors, they will have to become "a reference point at development".
The document, developed by ANO Roskachestvo and approved by Rosstandart, contains 87 functional requirements for applications, including requirements for performance, functionality, convenience of use and security.
The description of the standard says that a mobile application should request "an absolute minimum of permissions" for its work and also explain why they are necessary.
In addition, the application should provide the user with an "unambiguously treated privacy policy" and inform the user which personal data it gets access to, what data are collected and transferred, how they are used and stored, how their safety is ensured and who can get access to them.
The user should retain the right to control data collection or to refuse it altogether. The standard separately stipulates that all personal data of users should be stored in Russia. It also requires that a free trial be possible "regardless of a business model". As for security, the standard lists the absence of critical vulnerabilities, updates at least once a year, the absence of "persuasive" promotional materials, etc.
The market has received the standard in its current form without much enthusiasm. The main complaint is an abundance of "platitudes", controversial and vague requirements and, at the same time, a minimum of technical specifics.
"A document applying for 'GOST' status should be as specific as possible," says Oleg Galushkin, an information security expert at SEC Consult Services. "The requirement that a mobile application 'not contain critical vulnerabilities' is not specifics; it is, in the worst sense, a commonplace. Methodological recommendations on the safe development of mobile software could have provided the necessary specifics. The authors of the standard would not even have had to invent anything: optimal methods were developed by the industry long ago, even if not all of its players follow these methods."
Market participants also note that only a little more than half would undergo testing for compliance with the approved standard.
The standard is due to take effect on October 1. Since it is considered a national standard, all interested organizations, including developers from the countries of the Eurasian Economic Union, will be able to use it.[1] In addition, it is expected that in 2021, after a trial period, the standard will be given the status GOST P.