UCF STIG Viewer Logo

LG Android 6.x must implement the management setting: Set uninstall not allowed for mandatory Work Profile apps. This requirement is only valid for activation type COPE#2.


Overview

Finding ID Version Rule ID IA Controls Severity
V-66901 LGA6-99-100055 SV-81391r2_rule Low
Description
This setting will block the removal of required applications. The Approving Authority may determine that a specific set of apps are required to meet mission needs. Key mission capabilities may be degraded if required apps are removed. SFR ID: FMT_SMF_EXT.1.1 #45
STIG Date
LG Android 6.x Security Technical Implementation Guide 2019-02-21

Details

Check Text ( C-67537r2_chk )
This validation procedure is performed on both the MDM Administration Console and the LG Android device.

On the MDM console, do the following:

1. Ask the MDM administrator to display the Whitelisted Android Apps (for Work Profile).
2. Verify apps designated by the AO as being mandatory have been set to "uninstall not allowed" on the whitelist.
3. Verify the policy has been assigned to all groups.

On the LG Android device:

1. Go to "Apps" menu or "Home" screen.
2. Select 1-2 apps designated by the AO as being mandatory.
3. Verify that user cannot uninstall the apps.

If on the MDM console mandatory work profile apps are not set to "uninstall not allowed" in the Whitelisted Android Apps (for Work Profile) or on the LG Android device the user can uninstall mandatory apps, this is a finding.
Fix Text (F-73001r2_fix)
Configure the mobile operating system to block application's uninstallation.

On the MDM Administration Console, configure the list of mandatory Work Profile apps in the Whitelisted Android Apps (for Work Profile) to "uninstall not allowed".