Title

BlackBerry 10 OS must prevent a user from installing unapproved applications. (Cat II impact)

Discussion

The operating system must enforce software installation by users based upon what types of software installations are permitted (e.g., updates and security patches to existing software) and what types of installations are prohibited (e.g., software whose pedigree with regard to being potentially malicious is unknown or suspect) by the organization. The installation and execution of unauthorized software on an operating system may allow the application to obtain sensitive information or further compromise the system. Preventing a user from installing unapproved applications mitigates this risk. When the Development Mode is enabled on BlackBerry 10 OS devices, the user has the capability to sideload apps to either the Work Space or Personal Space. Disabling this feature removes the capability for a user to sideload apps.

Check Content

From either the Work Space or Personal Space, navigate to "Settings >> Security and Privacy >> Development Mode" and verify "Use Development Mode" is set to "OFF" and grayed out. Otherwise, this is a finding.

Fix Text

On BlackBerry Device Service, set the IT Policy rule "Restrict Development Mode" to "Yes".

Additional Identifiers

Rule ID:

Vulnerability ID: V-47183

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.