Task #13210
Task #13202: Huawei Pentest Remidiation
HUAWEI - L6 - Overly Permissive Permission
Status: | Closed - End of life cycle | Start date: | September 06, 2022 | |
---|---|---|---|---|
Priority: | Normal | Due date: | September 12, 2022 | |
Assignee: | MUHAMMAD IHSAN | % Done: | 100% | |
Category: | PCI DSS - Pentest | Spent time: | - | |
Target version: | - |
Description
Description :
Mobile operating system assigns every installed application with a distinct system identity (Linux user ID and group ID). Because each application operates in a process sandbox, the application must explicitly request access to resources and data outside their sandbox. They request this access by declaring the permissions they need to use certain system data and features. Depending on how sensitive or critical the data or feature is, system such as Android will grant the permission automatically or ask the user to approve the request.
LGMS Solution :
Verify and ensure that only permissions that are required by the application being requested in the application manifest. All other permissions should be removed.
Penril Plan :
To update permission following android fixes .
History
#1 Updated by MUHAMMAD IHSAN about 2 years ago
- Status changed from New - Begin Life Cycle to Development / Work In Progress
- Assignee changed from Rahmat Aina Nadia to MUHAMMAD IHSAN
#2 Updated by MUHAMMAD IHSAN about 2 years ago
- Status changed from Development / Work In Progress to Finished Development
- % Done changed from 0 to 100
Permission updated following Android fixes.
#3 Updated by MUHAMMAD IHSAN almost 2 years ago
- File AndroidManifest.png added
#4 Updated by Binti Marobi Athirah Umairah over 1 year ago
- Status changed from Finished Development to Closed - End of life cycle
Deployed to SIT on 15/4/22
Deployed to UAT on 18/4/22
Confirmed by azyan on 23/3/23, now pending LGMS feedback and new testing cycle result.