threatmodel Android EN - edamametechnologies/threatmodels GitHub Wiki

Android Threat Model (EN)

MDM profiles installed

Threat

Dimension : system integrity / Severity : 5

Tags : Personal Posture

You have one or more Mobile Device Management (MDM) profiles installed on your device. This means that your device is, or can be, remotely administered by a third party. If this is your personal device, this is a grave threat and the profiles should be removed.

Implementation

Tested for | Action       | Elevation | Script
Android 13 | Command line | user      | mdm_check

Remediation

https://en.wikipedia.org/wiki/Mobile_device_management

Rollback

https://en.wikipedia.org/wiki/Mobile_device_management

Screen lock disabled

Threat

Dimension : credentials / Severity : 3

Tags : CIS Benchmark Level 1, ISO 27001/2: Access Control, PCI-DSS: Requirement-8.1.7, SOC 2: CC-Access Control

Your device does not have a screen lock with a password enabled. That leaves it open to physical access by anyone. This is very dangerous!

Implementation

Tested for | Action       | Elevation | Script
Android 13 | Command line | user      | screenlock_check

Remediation

https://www.youtube.com/watch?v=E5OPbL4YJUk

Rollback

https://www.youtube.com/watch?v=E5OPbL4YJUk

Your device is jailbroken

Threat

Dimension : system integrity / Severity : 5

Tags : CIS Benchmark Level 1, ISO 27001/2: Mobile Device Policy, PCI-DSS: Requirement-5.1, SOC 2: CC-Mobile Device Management

Your device is jailbroken. Either you did it yourself, or a bad actor did it to access your personal data. This is very dangerous! You need to restore your device to factory settings.

Implementation

Tested for | Action       | Elevation | Script
Android 13 | Command line | user      | jailbreak_check

Remediation

https://www.youtube.com/watch?v=UXyeb3n8Gc8

Rollback

https://www.youtube.com/watch?v=UXyeb3n8Gc8

Potentially compromised email address

Threat

Dimension : credentials / Severity : 4

Tags : ISO 27001/2: Information Security Incident Management, PCI-DSS: Requirement-12.10, SOC 2: CC-Incident Response, Personal Posture

Your email address might have recently appeared in a data breach. Please set your email address in the Identity tab, review any breaches listed and follow the instructions.

Implementation

Tested for | Action       | Elevation | Script
Android 13 | Command line | user      | pwned -i 365

Remediation

Tested for | Action       | Elevation | Script
Android 13 | Command line |           | digitalidentity_manager

Rollback

https://en.wikipedia.org/wiki/Have_I_Been_Pwned

Unverified network environment

Threat

Dimension : network / Severity : 1

Tags : ISO 27001/2: Information Security Incident Management, PCI-DSS: Requirement-12.10, SOC 2: CC-Incident Response, Personal Posture

The network you are connected to is not a known one. If you are allowed to scan this network, go to the Network tab and check for the presence of potentially dangerous devices.

Implementation

Tested for | Action       | Elevation | Script
Android 13 | Command line | user      | lanscan

Remediation

Tested for | Action       | Elevation | Script
Android 13 | Command line |           | network_manager

Rollback

https://en.wikipedia.org/wiki/Port_scanner

App is not up to date

Threat

Dimension : applications / Severity : 3

This app is not up to date. Applications are constantly updated to fix potential security issues. It is in your best interest to get updates as soon as you can by enabling automatic updates.

Implementation

Tested for | Action       | Elevation | Script
Android 13 | Command line | user      | latestapp_check

Remediation

https://www.youtube.com/watch?v=v9H4pcZ1QFc

Rollback

https://www.youtube.com/watch?v=v9H4pcZ1QFc

Your OS is not up to date

Threat

Dimension : system integrity / Severity : 3

Tags : CIS Benchmark Level 1, ISO 27001/2: System Update Policy, PCI-DSS: Requirement-6.2, SOC 2: CC-System Updates

Your operating system is not up to date. Please update it to get the latest security patches.

Implementation

Tested for | Action       | Elevation | Script
Android 13 | Command line | user      | latestos_check

Remediation

https://www.youtube.com/watch?v=wLWbhRZ7VXI

Rollback

https://www.youtube.com/watch?v=wLWbhRZ7VXI