
The mobile application must not permit execution of code without user direction unless the code is sourced from an organization-defined list of approved network resources.


Overview

Finding ID: V-35126
Version: SRG-APP-000022-MAPP-00009
Rule ID: SV-46413r1_rule
IA Controls: none listed
Severity: Medium
Description
Unapproved, and therefore untrusted, code presents a very high risk of malicious action by network and device intruders. Some mobile applications enable adware and other real-time execution of downloaded code. If the mobile application executes code that was not present when the application was installed, that code has not been reviewed as part of the application certification process, which scans for known malicious code among other vulnerabilities, so it is more likely that malicious code will run on the mobile device. Execution of malicious code may compromise sensitive DoD data or cause a privilege elevation that enables subsequent attacks. There are several ways to mitigate this risk. First, if the user must explicitly authorize each exception, the user may be able to stop unauthorized execution. Second, if the mobile application authenticates the code, the code has at least been shown to come from a known source. This control protects the user from code that cannot be trusted and has the potential to compromise the device, application, network, and all stored data. Refer to CWEs 250, 265, 272, and 284 for further information. Additional information on CWEs is found in the MAPP SRG Overview.
STIG: Mobile Application Security Requirements Guide
Date: 2013-01-04

Details

Check Text (C-43513r1_chk)
Perform a static program analysis to determine whether the application executes non-DoD-approved external code at any time, and check whether each call to such code is preceded by a user acceptance or direction step. Perform a dynamic program analysis to verify the application does not execute non-DoD-approved code without user direction. In this context, user direction means the user accepting or requesting the service or capability the code provides, on each occasion that code which has not been executed previously is about to be executed. A one-time acceptance that enables automatic execution thereafter is not acceptable. If the application executes non-DoD-approved external code without such user direction, this is a finding.
Fix Text (F-39677r1_fix)
Modify the code to prevent execution of non-DoD-approved code without user direction.
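The check and fix text above describe the behaviour a reviewer looks for but give no code. The following is an added example, not part of the SRG or of any vendor's application, that models the decision an app should make before running fetched code: code from an organization-approved origin runs only if it authenticates (here against digests pinned at build time, standing in for whatever code-signing scheme the app uses); code from any other origin needs user direction for each distinct artifact, remembered by digest so the same code is not re-prompted. A second gate shows the one-time-acceptance pattern the check text rejects. The origins, digests and code blobs are constructed for this example and do not exist.

```python
"""Gate for dynamically fetched code, modelling SRG-APP-000022-MAPP-00009.

Constructed example: APPROVED_ORIGINS, PINNED_DIGESTS and the SCENARIO blobs
are made up. Digest pinning stands in for the app's real code-authentication
scheme (e.g. a signature over the artifact).
"""
import hashlib
from urllib.parse import urlparse

# Organization-defined list of approved network resources, as origins
# (scheme + host). Hypothetical value.
APPROVED_ORIGINS = {"https://code.example.mil"}

# Digests of code an approved resource may deliver, pinned at build time.
# Code from an approved origin that does not match has not been authenticated.
PINNED_DIGESTS = {hashlib.sha256(b"approved-module-v1").hexdigest()}


def origin_of(url):
    """Scheme + host (+ port); http://x and https://x are distinct origins."""
    p = urlparse(url)
    port = f":{p.port}" if p.port else ""
    return f"{p.scheme}://{p.hostname}{port}"


class PerInstanceGate:
    """Hardened gate: approved + authenticated code runs silently; anything
    else needs user direction for each distinct artifact (keyed by digest)."""

    def __init__(self, ask_user):
        self.ask_user = ask_user  # callable(url, digest) -> bool, the consent UI
        self.directed = set()     # digests the user has already directed

    def decide(self, url, code):
        digest = hashlib.sha256(code).hexdigest()
        if origin_of(url) in APPROVED_ORIGINS:
            return "run-approved" if digest in PINNED_DIGESTS else "blocked-unauthenticated"
        if digest in self.directed:
            return "run-directed"        # this exact code was directed before
        if self.ask_user(url, digest):
            self.directed.add(digest)
            return "run-directed"
        return "blocked-denied"          # denials are not remembered: ask again next time


class OneTimeGate:
    """The pattern the check text rejects: one acceptance unlocks every later
    download, whatever its source or content, and approved code is not authenticated."""

    def __init__(self, ask_user):
        self.ask_user = ask_user
        self.accepted_once = False

    def decide(self, url, code):
        if origin_of(url) in APPROVED_ORIGINS:
            return "run-approved"
        if not self.accepted_once:
            self.accepted_once = self.ask_user(url, None)
        return "run-directed" if self.accepted_once else "blocked-denied"


# Constructed fetches: (URL, bytes the network returned).
SCENARIO = [
    ("https://code.example.mil/core.js", b"approved-module-v1"),   # approved origin, authentic
    ("https://code.example.mil/core.js", b"approved-module-v1x"),  # approved origin, tampered
    ("https://ads.example.net/sdk.js", b"ad-sdk-v1"),               # not approved, first time
    ("https://ads.example.net/sdk.js", b"ad-sdk-v1"),               # same code again
    ("https://ads.example.net/sdk.js", b"ad-sdk-v2"),               # same origin, new code
]


def run_scenario(gate_cls, answers):
    """Drive a gate through SCENARIO with a scripted user.
    Returns (decisions, number of times the user was prompted)."""
    asked = []

    def scripted_user(url, digest):
        asked.append(url)
        # Answers are consumed in order; any further prompt is denied.
        return answers[len(asked) - 1] if len(asked) <= len(answers) else False

    gate = gate_cls(scripted_user)
    return [gate.decide(u, c) for u, c in SCENARIO], len(asked)


if __name__ == "__main__":
    for cls in (PerInstanceGate, OneTimeGate):
        decisions, prompts = run_scenario(cls, answers=[True, True])
        print(f"{cls.__name__}: {prompts} prompt(s), {decisions}")
```

With an always-accepting user, PerInstanceGate prompts twice (once per distinct non-approved artifact) and blocks the tampered download from the approved origin, while OneTimeGate prompts once and then runs the new artifact unprompted, which is exactly the behaviour a dynamic analysis under the check text should flag as a finding.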