The mobile application source code must not contain known malware.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-35801 | SRG-APP-999999-MAPP-00077 | SV-47088r1_rule | High |
| Description |
|---|
| Malware will compromise the application data, device, and system to every possible compromising scenario. Under no circumstances will any code that is known to contain malware be used. The entire application ecosystem will operate at a higher security with much higher integrity than a system with known malware. |
| STIG | Date |
|---|---|
| Mobile Application Security Requirements Guide | 2013-01-04 |
Details
| Check Text ( C-44147r1_chk ) |
|---|
| Scan the application files using a program that uses a malware signature database to identify known malware. Use of commercial anti-virus tools that also scan for mobile application malware will suffice. If the tool identifies any instance of known malware, this is a finding. |
| Fix Text (F-40349r1_fix) |
|---|
| Remove known malware from the application code. |