NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0515:  Use Android APK manifest in test

Publication Date
2020.06.08

Protection Profiles
PP_APP_v1.3

Other References
FDP_DEC_EXT.1

Issue Description

Verifying the entries in the app's manifest is sufficient for meeting the Android tests for FDP_DEC_EXT.1.1 and FDP_DEC_EXT.1.2.

Resolution

The text for the For Android test for FDP_DEC_EXT.1.1 is modified as follows:

For Android: The evaluator shall verify that each <uses-permission>entry in the AndroidManifest.xml file for access to a hardware resource is reflected in the selection.

The text for the For Android test for FDP_DEC_EXT.1.2 is modified as follows:

For Android: The evaluator shall verify that each <uses-permission>entry in the AndroidManifest.xml file for access to a sentitive information repository is reflected in the selection.

Justification

Android apps must be distributed in an APK format, which must contain a manifest. The manifest must list all permissions available to the app. Allowing the manifest to be checked will fulfill the intent of the test, as described in the Application Note.

 
 
Site Map              Contact Us              Home