threatmodel Android EN - edamametechnologies/threatmodels GitHub Wiki

Android Threat Model (EN)

MDM profiles installed

Threat

Dimension : system integrity / Severity : 5

Tags : Personal Posture

You have one or more Mobile Device Management (MDM) profiles installed on your device. On Android this means a device policy controller app holds device owner, profile owner or device administrator rights, so your device is, or can be, remotely administered by a third party: it can enforce policies, install or remove apps and wipe the device. If this is your personal device and you did not knowingly enrol it, this is a grave threat and the profiles should be removed.

Implementation

Tested for    Action         Elevation   Script
Android 11    Command line   user        mdm_check

Remediation

https://support.google.com/work/android/answer/6191949?hl=en

Rollback

https://support.google.com/work/android/answer/6191949?hl=en

Screen lock disabled

Threat

Dimension : credentials / Severity : 3

Tags : CIS Benchmark Level 1, Maximum screen lock timeout; ISO 27001/2, A.11.2.8-Unattended User Equipment; SOC 2, CC6.1-Access Control

Your device has no screen lock protected by a PIN, pattern or password, so anyone with physical access can pick it up and read your data, accounts and messages. This is very dangerous! Set a screen lock and a short automatic lock timeout.

Implementation

Tested for    Action         Elevation   Script
Android 11    Command line   user        screenlock_check

Remediation

https://support.google.com/android/answer/9079129?hl=en

Rollback

https://support.google.com/android/answer/9079129?hl=en

Your device is jailbroken (rooted)

Threat

Dimension : system integrity / Severity : 5

Tags : CIS Benchmark Level 1, Ensure device is not rooted

Your device is rooted (the Android equivalent of jailbreaking). Either you did it yourself or a bad actor did it to access your personal data. Root lets any app or attacker bypass the Android sandbox and read every other app's data, so this is very dangerous! You need to restore your device to factory settings. Note that a factory reset only wipes user data: if the boot or system image was modified (as Magisk-style rooting does) or the bootloader was unlocked, reflash the stock firmware and re-lock the bootloader as well.

Implementation

Tested for    Action         Elevation   Script
Android 11    Command line   user        jailbreak_check

Remediation

https://support.google.com/android/answer/6088915?hl=en

Rollback

https://support.google.com/android/answer/6088915?hl=en

Potentially compromised email address

Threat

Dimension : credentials / Severity : 4

Tags : Personal Posture

Check whether your email address has recently appeared in a data breach. If it has, assume any password used on the breached service is known to attackers and will be tried on other sites (credential stuffing): change it on that service and anywhere you reused it, and enable multi-factor authentication.

Implementation

Tested for    Action         Elevation   Script
Android 11    Command line   user        pwned -i 365

Remediation

Tested for    Action         Elevation   Script
Android 11    Command line               digitalidentity_manager

Rollback

https://haveibeenpwned.com/
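The "recent breach" filtering behind a check like the pwned script above, as an added example that is not the threatmodels project's own code. It runs over a constructed Have I Been Pwned v3 breachedaccount response (the breach names, domains and dates are made up); a real query is a GET to https://haveibeenpwned.com/api/v3/breachedaccount/{account} with an hibp-api-key header, where a 404 means the address was not found and a 200 returns a list shaped like the sample. The point it makes is that "recent" must be judged on AddedDate (when HIBP loaded the breach), not BreachDate (when it happened), because breaches are often disclosed years late.

```python
# Added example, not code from the threatmodels project.
import json
from datetime import datetime, timedelta

# Constructed sample response, not a real lookup.
SAMPLE_RESPONSE = json.dumps([
    {"Name": "ExampleShop", "Domain": "shop.example", "BreachDate": "2020-11-02",
     "AddedDate": "2021-01-15T09:12:00Z", "DataClasses": ["Email addresses", "Passwords"]},
    {"Name": "OldForum", "Domain": "forum.example", "BreachDate": "2015-06-30",
     "AddedDate": "2016-02-01T00:00:00Z", "DataClasses": ["Email addresses", "Usernames"]},
])


def parse_hibp_timestamp(value):
    """HIBP timestamps are ISO 8601 with a 'Z' suffix; fromisoformat only
    accepts 'Z' from Python 3.11, so normalise it to an explicit offset."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def recent_breaches(response_json, now, lookback_days=365):
    """Breaches HIBP added within the lookback window ending at `now`
    (a datetime or an ISO 8601 string). AddedDate is the right field for
    'recent': BreachDate is when the breach happened, which can be years
    before its disclosure."""
    if isinstance(now, str):
        now = parse_hibp_timestamp(now)
    cutoff = now - timedelta(days=lookback_days)
    return [b for b in json.loads(response_json)
            if parse_hibp_timestamp(b["AddedDate"]) >= cutoff]


def passwords_exposed(breaches):
    """Names of breaches that leaked passwords: rotate those credentials first,
    on the breached service and anywhere the same password was reused."""
    return [b["Name"] for b in breaches if "Passwords" in b.get("DataClasses", [])]


if __name__ == "__main__":
    hits = recent_breaches(SAMPLE_RESPONSE, "2021-06-01T00:00:00Z")
    print("recent:", [b["Name"] for b in hits])
    print("passwords leaked in:", passwords_exposed(hits))
```

The 365-day window mirrors the script argument on this page; the older OldForum entry drops out of the result even though the address is listed in it, which is the behaviour you want from a "recent" check while still treating the full list as a reason to rotate reused passwords.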

Unverified or unsafe network environment

Threat

Dimension : network / Severity : 1

Tags : Personal Posture

The network you are connected to is not a known one, or it contains unsafe devices. Treat an unknown network as hostile: other hosts on the same segment may be able to observe or redirect your traffic. If you are allowed to scan this network, go to the network tab and check for potentially dangerous devices.

Implementation

Tested for    Action         Elevation   Script
Android 11    Command line   user        lanscan

Remediation

Tested for    Action         Elevation   Script
Android 11    Command line               network_manager

Rollback

Tested for    Action         Elevation   Script
Android 11    Command line               network_manager

App is not up to date

Threat

Dimension : applications / Severity : 3

This app is not up to date. Applications are constantly updated to fix security issues, and a published fix also tells attackers where the hole was, so it is in your best interest to install updates as soon as they are available, ideally through automatic updates.

Implementation

Tested for    Action         Elevation   Script
Android 11    Command line   user        latestapp_check

Remediation

https://support.google.com/googleplay/answer/113412?hl=en

Rollback

https://support.google.com/googleplay/answer/113412?hl=en

Your OS is not up to date

Threat

Dimension : system integrity / Severity : 3

Tags : CIS Benchmark Level 1, System is up to date

Your operating system is not up to date. Android publishes monthly security bulletins, and your device's security patch level shows how far behind it is; please upgrade it to get the latest security patches.

Implementation

Tested for    Action         Elevation   Script
Android 11    Command line   user        latestos_check

Remediation

https://support.google.com/android/answer/7680439?hl=en

Rollback

https://support.google.com/android/answer/7680439?hl=en

Weak password

Threat

Dimension : credentials / Severity : 4

Tags : CIS Benchmark Level 1, Ensure minimum password length

Your device password strength is insufficient. A 4-digit PIN has only 10,000 possible values; use at least a 6-digit PIN, and preferably a longer alphanumeric password, since the PIN or password is also the fallback behind biometric unlock.

Implementation

Tested for    Action         Elevation   Script
Android 11    Command line   user        password_check

Remediation

https://support.google.com/android/answer/9079129?hl=en

Rollback

https://support.google.com/android/answer/9079129?hl=en

Biometric authentication disabled

Threat

Dimension : credentials / Severity : 4

Your device's biometric authentication is disabled. Enabling fingerprint or face unlock improves your device's security in practice: it makes a long PIN or password usable day to day, since you rarely have to type it in public. The PIN or password remains the fallback, so it still needs to be strong.

Implementation

Tested for    Action         Elevation   Script
Android 11    Command line   user        biometric_check

Remediation

https://support.google.com/pixelphone/answer/9517039?hl=en

Rollback

https://support.google.com/pixelphone/answer/9517039?hl=en

Play Protect disabled

Threat

Dimension : applications / Severity : 4

Tags : CIS Benchmark Level 1, Enable Google Play Protect

Google Play Protect is disabled on your device. Play Protect scans installed apps, including sideloaded ones, for known harmful behaviour and can warn about or remove them. Enable Play Protect to improve security against harmful apps.

Implementation

Tested for    Action         Elevation   Script
Android 11    Command line   user        play_protect_check

Remediation

https://support.google.com/googleplay/answer/2812853?hl=en

Rollback

https://support.google.com/googleplay/answer/2812853?hl=en

Device encryption disabled

Threat

Dimension : system integrity / Severity : 5

Tags : ISO 27001/2, A.8.3.1-Media Protection; SOC 2, CC6.7-Encryption

Your device's storage is not encrypted. Without encryption, anyone who obtains the device can read its storage directly and bypass the lock screen entirely, for example by booting a recovery image or reading the flash memory. Enable encryption to protect your data from unauthorized access.

Implementation

Tested for    Action         Elevation   Script
Android 11    Command line   user        encryption_check

Remediation

https://support.google.com/nexus/answer/2844831?hl=en

Rollback

https://support.google.com/nexus/answer/2844831?hl=en
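The following is an added example, not code from the threatmodels project, showing how posture checks in the spirit of mdm_check, jailbreak_check, latestos_check and encryption_check above can be evaluated from text captured with `adb shell getprop` and `adb shell dumpsys device_policy`. Both samples are constructed: the getprop lines describe a hypothetical rooted, bootloader-unlocked Android 11 device, the dumpsys layout is simplified to the lines the check needs, the package com.example.mdm is made up, and the 90-day staleness threshold for the security patch level is an assumption (bulletins are monthly).

```python
# Added example, not code from the threatmodels project.
import re
from datetime import date

# Constructed `getprop` output for a hypothetical rooted, unlocked Android 11 device.
SAMPLE_GETPROP = """\
[ro.build.version.release]: [11]
[ro.build.version.security_patch]: [2021-03-05]
[ro.build.tags]: [release-keys]
[ro.debuggable]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.vbmeta.device_state]: [unlocked]
[ro.crypto.state]: [encrypted]
[ro.crypto.type]: [file]
"""

# Constructed, simplified `dumpsys device_policy` output: a device owner and a
# work-profile owner enrolled by a hypothetical "com.example.mdm" controller.
SAMPLE_DEVICE_POLICY = """\
Current Device Policy Manager state:
  Device Owner:
    admin=ComponentInfo{com.example.mdm/com.example.mdm.AdminReceiver}
    package=com.example.mdm
  Profile Owner (User 10):
    admin=ComponentInfo{com.example.mdm/com.example.mdm.AdminReceiver}
    package=com.example.mdm
"""

GETPROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<val>[^\]]*)\]$")
OWNER_LINE = re.compile(
    r"^[ \t]*(?P<role>Device Owner|Profile Owner(?: \(User \d+\))?):[ \t]*\n"
    r"[ \t]*admin=ComponentInfo\{(?P<pkg>[^/}]+)/", re.MULTILINE)
# Common locations of an su binary or Magisk on rooted devices.
SU_PATHS = ("/system/bin/su", "/system/xbin/su", "/sbin/su", "/sbin/magisk")


def parse_getprop(text):
    """Map getprop's '[key]: [value]' lines to a dict."""
    props = {}
    for line in text.splitlines():
        m = GETPROP_LINE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("val")
    return props


def mdm_check(device_policy_dump):
    """(role, package) for every device or profile owner; any hit means the
    device is remotely administrable by that package."""
    return [(m.group("role"), m.group("pkg")) for m in OWNER_LINE.finditer(device_policy_dump)]


def jailbreak_check(props, present_paths=()):
    """Root indicators from build properties, plus any su/Magisk binaries the
    caller found on disk (e.g. with `adb shell ls`) and passed in."""
    findings = []
    state = props.get("ro.boot.verifiedbootstate", "unknown")
    if state != "green":
        findings.append("verified boot state is %s, not green" % state)
    if props.get("ro.boot.vbmeta.device_state") == "unlocked":
        findings.append("bootloader unlocked")
    if "test-keys" in props.get("ro.build.tags", ""):
        findings.append("build signed with test-keys")
    if props.get("ro.debuggable") == "1":
        findings.append("ro.debuggable=1 (userdebug/eng build)")
    findings += ["root binary at " + p for p in SU_PATHS if p in present_paths]
    return findings


def latestos_check(props, today, max_age_days=90):
    """(age in days, stale?) of the security patch level; `today` is a date
    or ISO string. 90 days is an assumed threshold: bulletins are monthly."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    age = (today - date.fromisoformat(props["ro.build.version.security_patch"])).days
    return age, age > max_age_days


def encryption_check(props):
    """True when userdata is encrypted (file- or block-based)."""
    return props.get("ro.crypto.state") == "encrypted"


def run_checks(getprop_text, device_policy_dump, today, present_paths=()):
    """Aggregate (check, severity, detail) using the severities on this page."""
    props = parse_getprop(getprop_text)
    findings = [("mdm_check", 5, "%s: %s" % (role, pkg))
                for role, pkg in mdm_check(device_policy_dump)]
    findings += [("jailbreak_check", 5, d) for d in jailbreak_check(props, present_paths)]
    age, stale = latestos_check(props, today)
    if stale:
        findings.append(("latestos_check", 3, "security patch is %d days old" % age))
    if not encryption_check(props):
        findings.append(("encryption_check", 5, "storage not encrypted"))
    return findings


if __name__ == "__main__":
    for check, sev, detail in run_checks(SAMPLE_GETPROP, SAMPLE_DEVICE_POLICY,
                                         "2021-07-01", {"/sbin/magisk"}):
        print("[severity %d] %s: %s" % (sev, check, detail))
```

On a real device the three inputs come from `adb shell getprop`, `adb shell dumpsys device_policy` and a listing of the SU_PATHS; the verified boot state and bootloader lock state are the stronger root signals, since an su binary can be hidden while a modified boot image cannot pass verified boot as "green".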