I came across an astonishing blog post earlier this month detailing some of the disastrous consequences of relying on poorly designed certification programs. Happtique launched a mobile app certification program to:

[...] help providers, patients, and others easily identify medical, health, and fitness apps that deliver credible content, contain safeguards for user data, and function as described.

This type of certification is a necessary part of a secure system, and companies like Happtique do play a valuable role in certifying software in domains with their own unique security concerns. After all, it is unreasonable to expect that companies like Apple and Google — with millions of applications on offer — will be able to understand the specific security and privacy concerns in every application domain. As sound as the general idea may be, however, Happtique’s implementation was riddled with problems. 

