Samsung Android 8 with Knox must be configured to disable developer modes.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-80253	KNOX-08-017900	SV-94957r1_rule		Medium

Description
Developer modes expose features of the Samsung Android 8 with Knox that are not available during standard operation. An adversary may leverage a vulnerability inherent in a developer mode to compromise the confidentiality, integrity, and availability of DoD sensitive information. Disabling developer modes mitigates this risk. SFR ID: FMT_SMF_EXT.1.1 #26

STIG	Date
Samsung Android OS 8 with Knox 3.x COBO Use Case Security Technical Implementation Guide	2018-11-30

Details

Check Text ( C-79925r1_chk )
Review Samsung Android 8 with Knox configuration settings to determine whether a developer mode is enabled. This validation procedure is performed on both the MDM Administration Console and the Samsung Android 8 with Knox device. On the MDM console, do the following: 1. Ask the MDM Administrator to display the "Allow Developer Mode" check box in the "Android Restrictions" rule. 2. Verify the check box is not selected. On the Samsung Android 8 with Knox device, do the following: 1. Open the device settings. 2. Select "Developer options". () 3. Attempt to enable "Developer options". If the MDM console "Allow Developer Mode" check box is selected or on the Samsung Android 8 with Knox device, "Developer options" can be enabled by the user, this is a finding. Note: The "Developer Modes" configuration setting may not be available in older MDM consoles. Disabling USB Debugging and Mock Locations also disables Developer modes on the mobile device. () "Developer options" is initially hidden to users. To unhide this menu item: 1. Open the device settings. 2. Select "About device". 3. Select "Software info". (Note: On some devices, this step is not needed.) 4. Rapidly tap on "Build number" multiple times until the device displays the Developer Options menu item.

Check Text ( C-79925r1_chk )

Review Samsung Android 8 with Knox configuration settings to determine whether a developer mode is enabled.

This validation procedure is performed on both the MDM Administration Console and the Samsung Android 8 with Knox device.

On the MDM console, do the following:
1. Ask the MDM Administrator to display the "Allow Developer Mode" check box in the "Android Restrictions" rule.
2. Verify the check box is not selected.

On the Samsung Android 8 with Knox device, do the following:
1. Open the device settings.
2. Select "Developer options". (**)
3. Attempt to enable "Developer options".

If the MDM console "Allow Developer Mode" check box is selected or on the Samsung Android 8 with Knox device, "Developer options" can be enabled by the user, this is a finding.

Note: The "Developer Modes" configuration setting may not be available in older MDM consoles. Disabling USB Debugging and Mock Locations also disables Developer modes on the mobile device.

(**) "Developer options" is initially hidden to users. To unhide this menu item:
1. Open the device settings.
2. Select "About device".
3. Select "Software info". (Note: On some devices, this step is not needed.)
4. Rapidly tap on "Build number" multiple times until the device displays the Developer Options menu item.

Fix Text (F-87059r1_fix)
Configure the Samsung Android 8 with Knox to disable developer modes. On the MDM console, deselect the "Allow Developer Mode" check box in the "Android Restrictions" rule.