Title

LG Android 6.x must implement the management setting: Set uninstall not allowed for mandatory Work Profile apps. This requirement is only valid for activation type COPE#2. (Cat III impact)

Discussion

This setting will block the removal of required applications. The Approving Authority may determine that a specific set of apps are required to meet mission needs. Key mission capabilities may be degraded if required apps are removed. SFR ID: FMT_SMF_EXT.1.1 #45

Check Content

This validation procedure is performed on both the MDM Administration Console and the LG Android device. On the MDM console, do the following: 1. Ask the MDM administrator to display the Whitelisted Android Apps (for Work Profile). 2. Verify apps designated by the AO as being mandatory have been set to "uninstall not allowed" on the whitelist. 3. Verify the policy has been assigned to all groups. On the LG Android device: 1. Go to "Apps" menu or "Home" screen. 2. Select 1-2 apps designated by the AO as being mandatory. 3. Verify that user cannot uninstall the apps. If on the MDM console mandatory work profile apps are not set to "uninstall not allowed" in the Whitelisted Android Apps (for Work Profile) or on the LG Android device the user can uninstall mandatory apps, this is a finding.

Fix Text

Configure the mobile operating system to block application's uninstallation. On the MDM Administration Console, configure the list of mandatory Work Profile apps in the Whitelisted Android Apps (for Work Profile) to "uninstall not allowed".

Additional Identifiers

Rule ID: SV-81391r2_rule

Vulnerability ID: V-66901

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.