UCF STIG Viewer Logo

Samsung Android must be configured to enforce an application installation policy by specifying one or more authorized application repositories, including [DoD-approved commercial app repository, MDM server, mobile application store]: - disallow unknown app installation sources.


Overview

Finding ID Version Rule ID IA Controls Severity
V-93759 KNOX-09-000130 SV-103845r1_rule Medium
Description
Forcing all applications to be installed from authorized application repositories can prevent unauthorized and malicious applications from being installed and executed on mobile devices. Allowing such installations and executions could cause a compromise of DoD data accessible by these unauthorized/malicious applications. SFR ID: FMT_SMF_EXT.1.1 #8a
STIG Date
Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(AE) Deployment Security Technical Implementation Guide 2020-02-24

Details

Check Text ( C-93077r1_chk )
Review device configuration settings to confirm that installation from unauthorized application repositories is disallowed.

This procedure is performed on both the MDM Administration console and the Samsung Android device.

On the MDM console, for the device, in the "Android user restrictions" group, verify that "disallow install unknown sources" is selected.

On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Apps".
3. Tap the Overflow menu (three vertical dots).
4. Tap "Special Access".
5. Tap "Install unknown apps".
6. Tap a listed app.
7. Verify that "Allow from this source" cannot be enabled.

If on the MDM console "disallow install unknown sources" is not selected, or on the Samsung Android device the user can enable "allow from this source" for an app, this is a finding.
Fix Text (F-100005r1_fix)
Configure Samsung Android to disallow installation from unauthorized application repositories.

On the MDM console, for the device, in the "Android user restrictions" group, select "disallow install unknown sources".