
The mobile app must not write data to persistent memory accessible to other applications.


Overview

Finding ID: SRG-APP-000243-MAPP-000049
Version: SRG-APP-000243-MAPP-000049
Rule ID: SRG-APP-000243-MAPP-000049_rule
IA Controls:
Severity: Medium
Description
Persistent memory is memory that retains data even when the device is no longer powered on. It is often referred to as non-volatile memory and is typically used for file storage. If the app shares a persistent memory location with other apps, including for encrypted data, then the data is at great risk of exposure because it remains available to other apps after the app has shut down or a user session has terminated. Furthermore, even though the OS will always be able to read files, other apps that share the same persistent memory are potentially less secure and thus offer malicious intruders an accessible means to retrieve this information through the other app. In many operating environments, assigning unique process IDs to each app facilitates their separation from one another. Applying this control makes the user less susceptible to malicious intrusion and extrusion of data that resides in areas shared by other apps.
STIG Date
Mobile Application Security Requirements Guide 2014-07-22

Details

Check Text (C-SRG-APP-000243-MAPP-000049_chk)
If the mobile OS on which the mobile app resides does not permit the app to share persistent memory, then the app is compliant with this control. If the above control is not available, perform a static program analysis to assess if the app ever modifies the permissions of files to enable other apps to read or modify the files. If the static program analysis reveals that the app grants permissions that enable the app to share its area of persistent memory with other apps or processes, this is a finding. If the static program analysis reveals that the app's persistent memory is not secured and can be addressed and used by other apps and processes that allow file permissions to be changed, this is a finding. When applicable, examine the file permissions of files created by the app. If they permit other apps to access the files, this is a finding.
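One way to carry out the last step of the check, examining the permissions of files the app created, is sketched below as an added example that is not part of the SRG. It assumes a POSIX-style permission model in which each app runs under its own UID/GID; the function names, labels and sample file names are hypothetical.

```python
import os
import stat
import tempfile

# Assumption: every app has its own UID/GID, so any group or other
# permission bit makes the entry reachable by a different app.
BITS = {
    "group-read": stat.S_IRGRP, "group-write": stat.S_IWGRP, "group-exec": stat.S_IXGRP,
    "other-read": stat.S_IROTH, "other-write": stat.S_IWOTH, "other-exec": stat.S_IXOTH,
}

def audit_app_files(app_data_dir):
    """Return {relative_path: [exposed bits]} for entries other apps can access."""
    findings = {}
    for root, dirs, files in os.walk(app_data_dir):
        for name in dirs + files:
            path = os.path.join(root, name)
            mode = os.lstat(path).st_mode   # lstat: never follow links out of the tree
            if stat.S_ISLNK(mode):
                continue                    # on Linux a symlink's own mode bits are ignored
            exposed = [label for label, bit in BITS.items() if mode & bit]
            if exposed:
                findings[os.path.relpath(path, app_data_dir)] = exposed
    return findings

def build_sample_tree(base):
    """Constructed sample data: files an app might create, with explicit modes."""
    samples = {"prefs.xml": 0o600, "cache.db": 0o644, "export.log": 0o666}
    for name, mode in samples.items():
        path = os.path.join(base, name)
        with open(path, "w") as fh:
            fh.write("sample")
        os.chmod(path, mode)                # chmod overrides the process umask
    private = os.path.join(base, "keys")
    os.mkdir(private)
    os.chmod(private, 0o700)                # owner-only directory: not a finding

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        for rel, exposed in sorted(audit_app_files(base).items()):
            print(f"FINDING {rel}: {', '.join(exposed)}")
```

Run against a copy of the app's data directory pulled from a test device, each returned entry corresponds to a file or directory whose permissions would be a finding under this check.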
Fix Text (F-SRG-APP-000243-MAPP-000049_fix)
Modify code to ensure the app does not share its persistent memory allocation with other apps and processes and does not address areas of persistent memory used by other apps and processes.