Title

Apple iOS/iPadOS 18 must disable the installation of alternative marketplace apps. (Cat II impact)

Discussion

Forcing all applications to be installed from authorized application repositories can prevent unauthorized and malicious applications from being installed and executed on mobile devices. Allowing such installations and executions could cause a compromise of DOD data accessible by these unauthorized/malicious applications. SFRID: FMT_MOF_EXT.1.2 #47

Check Content

This is a supervised-only control. If the iPhone or iPad being reviewed is not supervised by the MDM, this control is automatically a finding. This check procedure is performed on both the device management tool and the iPhone and iPad. Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review. In the iOS management tool, verify "Allow marketplace app installation" is unchecked. On the iPhone and iPad device: 1. Open the Settings app. 2. Tap "General". 3. Tap "VPN & Device Management". 4. Tap the Configuration Profile from the iOS management tool containing the restrictions policy. 5. Tap "Restrictions". 6. Verify "Marketplace app installation not allowed" is listed. If "Marketplace app installation" is not disabled in the management tool, this is a finding.

Fix Text

Install a configuration profile to disable the installation of alternative marketplace apps. This a supervised-only control.

Additional Identifiers

Rule ID: SV-268065r1031245_rule

Vulnerability ID: V-268065

Group Title: PP-MDF-993300

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.