LG Android 6.x must not allow use of developer modes.

From LG Android 6.x Security Technical Implementation Guide

Part of PP-MDF-201010

Associated with: CCI-000381

SV-81311r2_rule LG Android 6.x must not allow use of developer modes.

Vulnerability discussion

Developer modes expose features of the mobile operating system that are not available during standard operation. An adversary may leverage a vulnerability inherently in developer mode to compromise the confidentiality, integrity, and availability of DoD-sensitive information. Disabling developer modes mitigates this risk.SFR ID: FMT_SMF_EXT.1.1 #24

Check content

This validation procedure is performed on both the MDM Administration Console and the LG Android device. On the MDM console, do the following: 1. Ask the MDM administrator to display the "Allow developer modes" setting in the MDM console. 2. Verify the setting is disabled. 3. Verify the policy has been assigned to all groups. On the LG Android device: 1. Unlock the device. 2. Navigate to Settings >> General >> About Phone >> Software info >> Build number. 3. Push "Build number" multiple times until a pop-up menu display indicates developer option unavailable by server policy. If on the MDM console and the "Allow developer modes" setting is enabled or on the LG Android device the developer mode is available, this is a finding.

Fix text

Configure the mobile operating system to disable developer modes. On the MDM Administration Console, disable "Allow Developer Modes".

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer