
The mobile app must not lock or set permissions on application files in a manner such that the operating system or an approved backup application cannot copy the files.


Overview

Finding ID: SRG-APP-000516-MAPP-000034
Version: SRG-APP-000516-MAPP-000034
Rule ID: SRG-APP-000516-MAPP-000034_rule
IA Controls:
Severity: Medium
Description
If the app is able to lock files or modify file permissions in a manner that prevents higher-level system operations, such as backup and copying, from taking place, then the potential exists for the data to be lost. This condition may also be a form of denial of service if the operating system cannot recover the locked areas, thereby leaving fewer resources for other processes. In applying this control, the system is able to perform its overarching control and functional procedures, above any privileges the app, the user, or an intruder may have. The control must be employed judiciously. For example, file access should not be so broad as to allow non-approved apps to read the files (e.g., by setting files to world readable).
STIG: Mobile Application Security Requirements Guide
Date: 2014-07-22

Details

Check Text (C-SRG-APP-000516-MAPP-000034_chk)
Perform a static program analysis to assess the app's ability to lock or set file permissions that would prevent the OS and other approved apps from performing copy and backup functions. If the app has the ability to set and lock file permissions, this is a finding.
Fix Text (F-SRG-APP-000516-MAPP-000034_fix)
Configure or code the mobile app so the MOS or approved backup application is not prevented from copying mobile app files.