Check: SRG-APP-000033-MAPP-00011
Mobile Application SRG (version v1 r1)
Title
The mobile application must not execute as a privileged operating system process unless necessary to perform any application functions. (Cat I impact)
Discussion
An application that operates with the privileges of its host OS exposes the OS, the device, and other applications to issues such as privilege escalation affecting the entire platform and device. If the application can obtain OS privileges greater than those needed for proper operation, then an adversary who breaches the application inherits these additional privileges and can perform unauthorized functions. These functions might include reading sensitive data or executing unauthorized code; in the latter case, further attacks on the system and DoD networks may become possible. Applying this control protects the device and its data against attacks that would be easy to carry out for a malicious user who has gained broad privileges.
Check Content
Perform a review of the application's documentation to understand the application's operational requirements and functionality, and establish the level of OS privilege required to operate. Based on the review, determine the appropriate OS permissions the application should be assigned for normal operation, both at installation time and afterwards. Next, conduct a static program analysis to assess whether the application restricts its OS privileges to those explicitly required for it to operate. If the static program analysis reveals that the application is granted OS access privileges beyond those requirements, this is a finding.
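One concrete form the static analysis step can take, added here as an example and not part of the SRG text: the permissions an Android app declares in its manifest are compared against the permission set the documentation review established, and a request to run under a shared system UID is flagged. Android, the constructed manifest and the approved-permission set are all assumptions; the SRG itself is platform-neutral.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (placeholder package name, not a real app).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="example.placeholder.app"
          android:sharedUserId="android.uid.system">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application android:label="Placeholder"/>
</manifest>"""

# Stand-in for the permission set derived from the documentation review.
APPROVED_PERMISSIONS = {
    "android.permission.INTERNET",
    "android.permission.CAMERA",
}


def requested_permissions(manifest_xml: str) -> set:
    """Return every <uses-permission android:name=...> the manifest declares."""
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}


def shared_user_id(manifest_xml: str):
    """Return the android:sharedUserId on <manifest>, or None if absent."""
    return ET.fromstring(manifest_xml).get(ANDROID_NS + "sharedUserId")


def excess_privilege_findings(manifest_xml: str, approved: set) -> list:
    """List each OS privilege the app requests beyond the approved set.

    A permission outside the documented requirements and a shared UID
    (which makes the app run under a privileged OS identity) are both
    findings in the sense of the check above.
    """
    findings = []
    for perm in sorted(requested_permissions(manifest_xml) - approved):
        findings.append(f"permission not justified by documentation: {perm}")
    suid = shared_user_id(manifest_xml)
    if suid:
        findings.append(f"runs under shared UID '{suid}' (privileged OS process)")
    return findings


if __name__ == "__main__":
    for line in excess_privilege_findings(SAMPLE_MANIFEST, APPROVED_PERMISSIONS):
        print("FINDING:", line)
```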
Fix Text
Modify the code to secure the boundaries within which the application may operate with respect to OS privileges.
Additional Identifiers
Rule ID: SV-46453r1_rule
Vulnerability ID: V-35166
CCIs
Number | Definition
---|---
CCI-000213 | The information system enforces approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
Controls
Number | Title
---|---
AC-3 | Access Enforcement