LG Android 6.x must implement the management setting: list approved apps on the Whitelisted Android Apps (for Work Profile). This requirement is only valid for activation type COPE#2.

From LG Android 6.x Security Technical Implementation Guide

Associated with: CCI-000366

SV-81389r1_rule LG Android 6.x must implement the management setting: list approved apps on the Whitelisted Android Apps (for Work Profile). This requirement is only valid for activation type COPE#2.

Vulnerability discussion

This setting enables an application whitelist in the Work Profile. Failure to specify which applications are approved could allow unauthorized and malicious applications to be downloaded, installed, and/or executed on the mobile device, causing a compromise of DoD data accessible by these applications.SFR ID: FMT_SMF_EXT.1.1 #45

Check content

This validation procedure is performed on the MDM Administration Console. On the MDM console, do the following: 1. Ask the MDM administrator to display the Whitelisted Android Apps (for Work Profile). 2. Verify the list of apps has been approved by the AO. 3. Verify the policy has been assigned to all groups. If on the MDM console the Whitelisted Android apps (for Work Profile) contain non-AO approved apps, this is a finding.

Fix text

Configure the mobile operating system to list only approved apps on the Whitelisted Android Apps (for Work Profile). On the MDM Administration Console, add the approved system applications in the lists of Whitelisted Android Apps (for Work Profile).

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.