UCF STIG Viewer Logo

The mobile app source code must not contain adware or known malware.


Overview

Finding ID Version Rule ID IA Controls Severity
SRG-APP-000516-MAPP-000077 SRG-APP-000516-MAPP-000077 SRG-APP-000516-MAPP-000077_rule Medium
Description
Malware will compromise the app data, device, and system. Under no circumstances will any code that is known to contain adware or malware be used. The entire application ecosystem will operate at a higher security with much higher integrity than a system with known malware.
STIG Date
Mobile Application Security Requirements Guide 2014-07-22

Details

Check Text ( C-SRG-APP-000516-MAPP-000077_chk )
Scan the app files using a program that uses a malware signature database to identify known malware. Use of commercial anti-virus tools that also scan for mobile app malware and adware will suffice. If the tool identifies any instance of known malware in the app files, this is a finding.
Fix Text (F-SRG-APP-000516-MAPP-000077_fix)
Remove all known malware and adware from the app source code.