
The mobile app must initialize all parameter values on startup.


Overview

Finding ID: SRG-APP-000516-MAPP-000073
Version: SRG-APP-000516-MAPP-000073
Rule ID: SRG-APP-000516-MAPP-000073_rule
IA Controls: (none listed)
Severity: Medium
Description
If the app initialization process is not designed to keep the app in both a secure and functional state, the app could be compromised and become an attack vector. Any operating parameter in the app, such as variables and settings, must be reset and initialized to default values; otherwise, an adversary in possession of the device could access the app with privileges. An app that re-initializes its parameters at startup is assured a more secure session, since it has initialized all functional components that allow it to operate properly and thus securely.
STIG: Mobile Application Security Requirements Guide
Date: 2014-07-22

Details

Check Text (C-SRG-APP-000516-MAPP-000073_chk)
Perform a dynamic program analysis to assess whether the app, upon startup, initializes all parameter values that it uses. If the dynamic program analysis identifies any parameter value that is not initialized on startup, this is a finding.
Fix Text (F-SRG-APP-000516-MAPP-000073_fix)
Configure or code the mobile app to initialize all parameter values on startup.