Title

The mobile application source code must not contain known malware. (Cat I impact)

Discussion

Malware will compromise the application data, device, and system to every possible compromising scenario. Under no circumstances will any code that is known to contain malware be used. The entire application ecosystem will operate at a higher security with much higher integrity than a system with known malware.

Check Content

Scan the application files using a program that uses a malware signature database to identify known malware. Use of commercial anti-virus tools that also scan for mobile application malware will suffice. If the tool identifies any instance of known malware, this is a finding.

Fix Text

Remove known malware from the application code.

Additional Identifiers

Rule ID: SV-47088r1_rule

Vulnerability ID: V-35801

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.