Task #12989
Support #12933: [SCP ID :##6249##] : Mobile Pentest Remediation
[IOS] - Pentest - L12 - Overly Permissive Permission
| Status: | User Acceptance Test | Start date: | May 11, 2022 |
|---|---|---|---|
| Priority: | Normal | Due date: | May 12, 2022 |
| Assignee: | Binti Marobi Athirah Umairah | % Done: | 100% |
| Category: | PCI DSS - Pentest | Spent time: | - |
| Target version: | - | | |
Description
The mobile operating system assigns every installed application a distinct system identity (Linux user ID and group ID). Because each application operates in a process sandbox, the application must explicitly request access to resources and data outside its sandbox. It requests this access by declaring the permissions it needs to use certain system data and features. Depending on how sensitive or critical the data or feature is, a system such as Android will grant the permission automatically or ask the user to approve the request.
Action Plan:
To re-check mobile code (Android and IOS)
Remove unused permission.
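An added example (not part of this ticket or the app's code) of one way to run the "remove unused permission" check on the iOS side: it lists the `NS*UsageDescription` keys declared in an Info.plist and flags those with no matching API symbol in the Swift sources. The key-to-symbol map, the sample plist and the source snippets are constructed assumptions.

```python
import plistlib

# Assumed heuristic map: usage-description key -> API symbols that imply the
# permission is really used. Not exhaustive; extend it for the app under review.
KEY_TO_SYMBOLS = {
    "NSLocationAlwaysUsageDescription": ("CLLocationManager",),
    "NSLocationWhenInUseUsageDescription": ("CLLocationManager",),
    "NSLocationAlwaysAndWhenInUseUsageDescription": ("CLLocationManager",),
    "NSCameraUsageDescription": ("AVCaptureDevice", "UIImagePickerController"),
    "NSContactsUsageDescription": ("CNContactStore",),
    "NSFaceIDUsageDescription": ("LAContext",),
}

def declared_usage_keys(plist_bytes):
    """Return every NS*UsageDescription key declared in an Info.plist."""
    info = plistlib.loads(plist_bytes)
    return sorted(k for k in info
                  if k.startswith("NS") and k.endswith("UsageDescription"))

def unused_permissions(plist_bytes, sources):
    """Flag declared keys with no matching API symbol in any source file."""
    code = "\n".join(sources.values())
    findings = []
    for key in declared_usage_keys(plist_bytes):
        symbols = KEY_TO_SYMBOLS.get(key)
        if symbols is None:
            findings.append((key, "not in map, review manually"))
        elif not any(sym in code for sym in symbols):
            findings.append((key, "declared but no API use found"))
    return findings

# Constructed sample input (not the real app's Info.plist or sources).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleName</key><string>ExampleBank</string>
  <key>NSCameraUsageDescription</key><string>Scan QR codes</string>
  <key>NSLocationAlwaysUsageDescription</key><string>Find branches</string>
  <key>NSLocationWhenInUseUsageDescription</key><string>Find branches</string>
</dict></plist>"""
SAMPLE_SOURCES = {
    "BranchLocator.swift": "import MapKit\n// shows a static list of branches\n",
    "QRScanner.swift": "let cam = AVCaptureDevice.default(for: .video)\n",
}

if __name__ == "__main__":
    for key, reason in unused_permissions(SAMPLE_PLIST, SAMPLE_SOURCES):
        print(f"{key}: {reason}")
```

The match is plain text, so a flagged key still needs a manual look before removal: a bundled third-party SDK may call the API, and a symbol that appears only in a comment counts as use.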
History
#1 Updated by Susanto Felix Brilliant over 2 years ago
- Assignee changed from Susanto Felix Brilliant to Bin Hamzah Muhammad Fadhly
#2 Updated by Bin Hamzah Muhammad Fadhly over 2 years ago
- Due date set to May 11, 2022
- Status changed from New - Begin Life Cycle to Development / Work In Progress
#3 Updated by Bin Hamzah Muhammad Fadhly over 2 years ago
- % Done changed from 0 to 100
#4 Updated by Bin Hamzah Muhammad Fadhly over 2 years ago
- Due date changed from May 11, 2022 to May 12, 2022
#5 Updated by Bin Hamzah Muhammad Fadhly about 2 years ago
- Status changed from Development / Work In Progress to Finished Development
- % Done changed from 100 to 90
#6 Updated by Bin Hamzah Muhammad Fadhly about 2 years ago
- % Done changed from 90 to 100
#7 Updated by Bin Hamzah Muhammad Fadhly about 2 years ago
- File Screen Shot 2022-07-18 at 11.11.21 AM.png added
#8 Updated by Bin Hamzah Muhammad Fadhly about 2 years ago
Removed NSLocationAlwaysUsageDescription and NSLocationWhenInUseUsageDescription since Branch Locator seems to not require the permission to use the location. This might be because the nature of Branch Locator is to locate the branch or banking agent instead of utilizing GPS.
#9 Updated by Bin Hamzah Muhammad Fadhly about 2 years ago
- File deleted (Screen Shot 2022-07-18 at 11.11.21 AM.png)
#10 Updated by Bin Hamzah Muhammad Fadhly about 2 years ago
- File Removed Location Permission.png added
#11 Updated by Bin Hamzah Muhammad Fadhly about 2 years ago
- Status changed from Finished Development to Internal Testing
- Assignee changed from Bin Hamzah Muhammad Fadhly to Nurul Athira Abdul Rahim
#12 Updated by Nurul Athira Abdul Rahim about 2 years ago
- File Internal Test Results_SCPID #6249_Pentest_L12 - Overly Permissive Permission.docx added
- Status changed from Internal Testing to System Integration Test
Tested and passed by IOS developer
#13 Updated by Norhaidah Md Dasuki over 1 year ago
Athira, Update this task. Tq
#14 Updated by Nurul Athira Abdul Rahim over 1 year ago
- Status changed from System Integration Test to Pending UAT Deployment
- Assignee changed from Nurul Athira Abdul Rahim to Bin Hamzah Muhammad Fadhly
Please deploy these fixes to UAT.
Thanks
#15 Updated by Bin Hamzah Muhammad Fadhly over 1 year ago
- Status changed from Pending UAT Deployment to User Acceptance Test
- Assignee changed from Bin Hamzah Muhammad Fadhly to Binti Marobi Athirah Umairah
Deployed to UAT and provided a link to download.
version 3.3.1 build 341 Internal BSN
https://testflight.apple.com/join/GVdD3RT2
version 3.3.1 build 340 VPN Penril
https://testflight.apple.com/join/CdjMcH3f