The administrator/MDM must configure the application installation policy by specifying authorized application repositories (Disable Google Play).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-48337 | KNOX-25-009000 | SV-61209r1_rule | Medium |
| Description |
|---|
| Forcing all applications to be installed from authorized application repositories can prevent unauthorized and malicious applications from being installed and executed on mobile devices. Allowing such installations and executions could cause a compromise of DoD data accessible by these unauthorized/malicious applications. SFR ID: FMT_SMF.1.1 #10 |
| STIG | Date |
|---|---|
| Samsung Android (with Knox 1.x) STIG | 2014-04-22 |
Details
| Check Text ( C-50769r3_chk ) |
|---|
| Configuring an application installation policy on Samsung Knox Android by specifying an application repository involves three steps: (1) Disabling Google Play, (2) Disabling unknown application sources, and (3) Enrolling in an MDM (which designates the repository). This validation procedure covers the first of these steps. It is performed on both the MDM Administration Console and the Samsung Knox Android device. On the MDM Administration Console: 1. Ask the MDM administrator to display the "Enable Google Play" setting in the "Android Restrictions" rule. 2. Verify it is disabled. On the Samsung Knox Android device: 1. Attempt to locate the "Google Play" application. 2. Verify it is not present on the device. If the "Enable Google Play" is not disabled, or if a user can successfully launch Google Play on the device, this is a finding. |
| Fix Text (F-51945r2_fix) |
|---|
| Configure the OS to disable Google Play. On the MDM Administration Console, disable "Enable Google Play" in the "Android Restrictions" rule. |