|Finding ID||Version||Rule ID||IA Controls||Severity|
|Developer modes expose features of the mobile operating system that are not available during standard operation. An adversary may leverage a vulnerability inherent in a developer mode to compromise the confidentiality, integrity, and availability of DoD sensitive information. Disabling developer modes mitigates this risk. SFR ID: FMT_SMF_EXT.1.1 #26|
|Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(Legacy) Deployment Security Technical Implementation Guide||2020-05-15|
|Check Text ( C-93225r1_chk )|
| Review device configuration settings to confirm developer mode is disallowed. |
This procedure is performed on both the MDM Administration console and the Samsung Android device.
On the MDM console, for the device, in the "Knox restrictions" group, verify that "allow developer mode" is not selected.
On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "About phone".
3. Tap "Software information".
4. Keep tapping "Build number".
5. Verify that message "Developer mode has been enabled" is displayed but "Developer options" is not available in Settings.
If on the MDM console "allow developer mode" is selected, or on the Samsung Android device "Developer options" can be enabled by the user, this is a finding.
|Fix Text (F-100155r1_fix)|
| Configure Samsung Android to disallow developer mode. |
On the MDM console, for the device, in the "Knox restrictions" group, unselect "allow developer mode".