NIST Logo and ITL Banner Link to the NIST Homepage Link to the ITL Homepage Link to the NIST Homepage
Search CSRC:
AppVet Logo

Overview

AppVet is a simple web-based application for vetting mobile apps. It facilitates the app vetting workflow by providing an intuitive user interface for submitting and testing apps, accessing reports, and assessing risk. AppVet is designed to easily and seamlessly integrate with a wide variety of third-party tools including static and dynamic analyzers, anti-virus scanners, and vulnerability repositories through the specification of simple APIs and requirements. AppVet also supports easy and seamless integration with clients including app stores and continuous integration environments. A screenshot of AppVet is shown here.

screenshot

An AppVet system comprises an AppVet web application and its related tools and clients. In an AppVet system, the app vetting workflow begins when a client submits an app to AppVet. When AppVet receives an app, it registers the app and performs some pre-processing of the app. Preprocessing is used to extract meta-data about an app and possibly provide additional functionality such as ensuring that the app conforms to specific requirements of the hosting organization. After preprocessing an app, AppVet sends the app and related information to one or more tools for testing and evaluation. When a tool completes its analysis, it returns a report and risk assessment to AppVet which, in turn, makes them available to clients. In addition, AppVet generates an overall risk assessment based on risk assessments from all tools. The AppVet system architecture is shown here.


AppVet System Architecture screenshot

For more details about AppVet, see AppVet 1.01.

“Note that AppVet does not include tools for testing apps. For more details about AppVet, see AppVet 1.01 or the AppVet FAQ.”

Documentation

It is recommended to review the AppVet 1.01 document before installing and running AppVet.

  • AppVet 1.01 (pdf)
  • AppVet Properties (xsd) (svg)
  • Tool Service Adapter (xsd) (svg)

Download

Permission to use this software is contingent upon your acceptance of the terms of the NIST Software Agreement.

  • AppVet 1.0 source release (GitHub)
  • Tool Service Example source release (GitHub)

Contacts

Steve Quirolgico
steveq@nist.gov
301-975-8426