LG Android 6.x must implement the management setting: Set uninstall not allowed for mandatory Work Profile apps. This requirement is only valid for activation type COPE#2.

From LG Android 6.x Security Technical Implementation Guide

Part of PP-MDF-991000

Associated with: CCI-000366

SV-81391r2_rule LG Android 6.x must implement the management setting: Set uninstall not allowed for mandatory Work Profile apps. This requirement is only valid for activation type COPE#2.

Vulnerability discussion

This setting will block the removal of required applications. The Approving Authority may determine that a specific set of apps are required to meet mission needs. Key mission capabilities may be degraded if required apps are removed.SFR ID: FMT_SMF_EXT.1.1 #45

Check content

This validation procedure is performed on both the MDM Administration Console and the LG Android device. On the MDM console, do the following: 1. Ask the MDM administrator to display the Whitelisted Android Apps (for Work Profile). 2. Verify apps designated by the AO as being mandatory have been set to "uninstall not allowed" on the whitelist. 3. Verify the policy has been assigned to all groups. On the LG Android device: 1. Go to "Apps" menu or "Home" screen. 2. Select 1-2 apps designated by the AO as being mandatory. 3. Verify that user cannot uninstall the apps. If on the MDM console mandatory work profile apps are not set to "uninstall not allowed" in the Whitelisted Android Apps (for Work Profile) or on the LG Android device the user can uninstall mandatory apps, this is a finding.

Fix text

Configure the mobile operating system to block application's uninstallation. On the MDM Administration Console, configure the list of mandatory Work Profile apps in the Whitelisted Android Apps (for Work Profile) to "uninstall not allowed".

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer