Excessive app permissions
MaaS360 Endpoint Threat Management identifies app permissions that are deemed excessive from the security standpoint of your organization.
Excessive permissions give your app access to private user data and allow that app to perform potentially dangerous actions. Many apps request permissions to access information that is not required for the app to function. For example, a calendar app does not require permission to access your microphone and camera. When you grant unnecessary permissions, apps can exploit those permissions to steal sensitive information such as location, contact information, and photos.
- Android
Deploying endpoint security policies
Policy configuration
You must configure and push EPS policies to detect apps that use excessive app permissions on managed devices.
- From the MaaS360 Portal Home page, navigate to .
- Open an EPS policy and then click App Permissions.
- Click Edit and then select Enable App Permissions.
- Configure the following settings:
| Setting | Description | Supported OS |
| --- | --- | --- |
| Permissions to be monitored | The permissions that are considered as excessive: Call Logs, Camera, SMS, Microphone, Device Administrator, Location. Note: Even though these permissions are all considered excessive, only the Device Administrator permission contributes to the user risk score. You can use the plus (+) icon to add multiple permissions. | Android |
| Exempt System Applications | System apps that are exempted from scanning for excessive permissions. | Android |
| Exempt App Catalog Applications | Managed apps, which are distributed through App Catalog, that are exempt from scanning for excessive permissions. | Android |
| Exempted Applications | App IDs of apps that are exempt from scanning for excessive permissions. | Android |
Policy assignments
You must assign endpoint security policies to a device, user, device group, or user group from the corresponding workflows. For more information about policy assignments, see Configuring endpoint security policies.
Configuring risk rules
- From the MaaS360 Portal Home page, navigate to .
- Configure the following settings:
Risk rules
- No of apps with excessive permissions
Condition: Define the severity of the excessive app permissions.
Default condition:
| If the number of apps with excessive permissions is... | Then the severity is... |
| --- | --- |
| More than or equal to 1 | High |
Note: This rule takes into account the number of apps with excessive permissions rather than the total number of permissions violated at the app level. For example, the severity of a device that has two apps with one excessive permission is higher than that of a device that has one app with six excessive permissions.
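The following Python sketch is an added illustration, not MaaS360 code. It models how the policy settings and the risk rule described above combine: exempt apps are skipped, the remaining apps are checked against the monitored permissions, and severity is keyed on the number of flagged apps. The function names, the app IDs, and the modelling of all three exemption settings as sets of app IDs are assumptions made for the example.

```python
# Added illustration; not MaaS360 code. Permission labels come from the policy table.
MONITORED = frozenset({"Call Logs", "Camera", "SMS", "Microphone",
                       "Device Administrator", "Location"})
DEFAULT_TIERS = [(1, "High")]  # page default: >= 1 flagged app -> High


def flag_apps(inventory, monitored=MONITORED, exempt_system=(), exempt_catalog=(),
              exempt_ids=()):
    """Map app ID -> sorted monitored permissions it holds, skipping exempt apps."""
    # Assumption: each exemption setting is modelled as a set of app IDs.
    exempt = set(exempt_system) | set(exempt_catalog) | set(exempt_ids)
    flagged = {}
    for app_id, perms in inventory.items():
        if app_id in exempt:
            continue
        hits = set(perms) & monitored
        if hits:
            flagged[app_id] = sorted(hits)
    return flagged


def severity(flagged, tiers=DEFAULT_TIERS):
    """Return (flagged app count, severity); the rule counts apps, not permissions."""
    count = len(flagged)
    for minimum, label in sorted(tiers, reverse=True):
        if count >= minimum:
            return count, label
    return count, None


def holds_device_admin(flagged):
    """Flagged apps holding Device Administrator, the permission the page says
    contributes to the user risk score."""
    return sorted(a for a, p in flagged.items() if "Device Administrator" in p)


# Constructed sample inventories (app IDs and the "Internet" label are made up).
DEVICE_A = {"com.example.notes": {"Camera"}, "com.example.torch": {"Location"}}
DEVICE_B = {"com.example.social": set(MONITORED)}
DEVICE_C = {"com.example.agent": {"Device Administrator"}, "com.example.calc": {"Internet"}}

if __name__ == "__main__":
    for name, inv, ex in (("A", DEVICE_A, ()), ("B", DEVICE_B, ()),
                          ("C", DEVICE_C, ("com.example.agent",))):
        found = flag_apps(inv, exempt_ids=ex)
        print(name, severity(found), holds_device_admin(found))
```

Device A (two apps, one permission each) feeds a count of 2 into the rule, while device B (one app, six permissions) feeds a count of 1; both reach High under the default condition, and device C reports nothing once its only offending app is exempted.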
What happens when excessive app permissions are detected on the device?
- Displays the list of apps that use excessive app permissions in the Security app.
- Provides users with options to either revoke app permissions or remove the app.
Tracking excessive app permissions on the Security Dashboard
Devices report excessive permission incidents to the MaaS360 Portal in real-time. If those incidents meet the Risk Rule criteria set by administrators, MaaS360 generates a risk incident in the Security Dashboard.
- Go to .
- In the Top risk incidents widget, click the Affected devices link:
The affected devices are displayed.
- Click on the username. The User Summary page displays all the risk incidents against the affected device.
- Click App permissions to view more details about that risk incident.
- You can also review the list of apps that used excessive app permissions for the last 30 days in the Excessive App Permissions Security Dashboard widget.
- Click on a bar to view the list of apps that used the excessive permission.
For more information about other common widgets on the Security Dashboard, see Tracking security events on the Security Dashboard.