I came across an astonishing blog post earlier this month detailing some of the disastrous consequences of relying on poorly designed certification programs. Happtique launched a mobile app certification program to:
[...] help providers, patients, and others easily identify medical, health, and fitness apps that deliver credible content, contain safeguards for user data, and function as described.
This type of certification is a necessary part of a secure system, and companies like Happtique do play a valuable role in certifying software in domains with their own unique security concerns. After all, it is unreasonable to expect that companies like Apple and Google — with millions of applications on offer — will be able to understand the specific security and privacy concerns in every application domain. As sound as the general idea may be, however, Happtique’s implementation was riddled with problems.