France certifies ETSI mobile security standard

The French National Cybersecurity Agency (ANSSI) has certified ETSI’s Consumer Mobile Device Protection Profile under the Common Criteria global certification framework. According to ETSI, this represents “the first certification by a national administration of a comprehensive suite of specifications for assessing the security of smartphones.”

Picture credit: Adobe Stock/pickup

Describing the aims of the standard, a spokesperson for ETSI said that it is designed to “support mobile device manufacturers in achieving security certification in their new products. It also offers a common methodology for evaluators to assess the security of consumer mobile devices.”

The spokesperson continued: “Defining security assurance requirements based on common criteria, the standard is suitable for certification initiatives such as the future European Cyber Resilience Act.”

The Protection Profile was originally published in 2021 as TS 103 732. It has since been revised and expanded as a "multi-part specification," now also addressing in particular the increasing use of biometric authentication.

ETSI collaborated with a range of industry stakeholders on the project, including “leading OS developers, smartphone manufacturers, network operators, regulatory authorities and user associations.”

Chair of ETSI’s Cybersecurity Technical Committee, Alex Leadbeater, said: “Smartphones and tablets are central to our everyday lives. They’re also a goldmine of apps, data and personal information that bad actors are increasingly keen to exploit through any means they can, including malware and network eavesdropping.

“Research by GSMA indicates that nine out of ten consumers globally are concerned over smartphone data security and privacy, with 64 per cent of consumers citing security as being ‘very important’ in their criteria for buying a smartphone.

“We are pleased that France’s national cybersecurity authority has officially certified ETSI’s Protection Profile for Consumer Mobile Devices using biometric authentication.”