Vulnerability Discussion
Hidden apps cannot be seen by enterprise management applications (e.g., MDM server); therefore, unauthorized apps or apps with embedded malware could be installed and hidden from the MDM or mobile threat detection (MTD) apps. Hidden apps may lead to the compromise of sensitive DOD data or provide a vector for attacks on the DOD network.
FMT_MOF_EXT.1.2 #47
Check
This check procedure is performed on the device management tool and the iPhone and iPad.
Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review.
In the iOS management tool, verify "Allow Apps to be hidden" is unchecked.
On the iPhone and iPad device:
1. Open the Settings app.
2. Tap "Apps".
3. At the bottom of the list of Apps, tap "Hidden Apps".
4. Verify there are no hidden apps listed.
If "Allow Apps to be hidden" is not disabled in the management tool or there are hidden apps installed on enterprise iPhones and iPads, this is a finding.
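The management-tool half of this check can be scripted against exported profiles. The following is an added example, not part of the original check text: it assumes unsigned .mobileconfig exports and that the "Allow Apps to be hidden" setting maps to Apple's `allowAppsToBeHidden` key in the `com.apple.applicationaccess` Restrictions payload. The sample profiles are constructed, and the on-device steps still have to be performed by hand.

```python
import plistlib

RESTRICTIONS_TYPE = "com.apple.applicationaccess"  # Apple's Restrictions payload type
HIDE_KEY = "allowAppsToBeHidden"  # assumed key behind "Allow Apps to be hidden"


def hidden_apps_setting(profile_bytes):
    """Classify one profile: 'disabled', 'allowed', 'unset', 'no-restrictions' or 'unreadable'."""
    try:
        profile = plistlib.loads(profile_bytes)
    except Exception:  # signed (CMS-wrapped) or corrupt profiles do not parse as a plist
        return "unreadable"
    content = profile.get("PayloadContent", []) if isinstance(profile, dict) else []
    restrictions = [p for p in content
                    if isinstance(p, dict) and p.get("PayloadType") == RESTRICTIONS_TYPE]
    if not restrictions:
        return "no-restrictions"
    values = [p.get(HIDE_KEY) for p in restrictions]
    if any(v is False for v in values):
        return "disabled"
    # A missing key leaves the OS default in place, so it is not evidence of compliance.
    return "allowed" if any(v is True for v in values) else "unset"


def review(profiles):
    """Return (finding, per-profile results) for the profiles in scope of the review.

    Assumption: the device applies the most restrictive value across installed
    profiles, so one in-scope profile that disables hiding satisfies the check.
    """
    results = {name: hidden_apps_setting(data) for name, data in profiles.items()}
    return "disabled" not in results.values(), results


def _profile(*payloads):
    # Constructed sample profile, serialised the way an unsigned .mobileconfig is.
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": list(payloads)})


SAMPLES = {  # constructed inputs, not real DOD profiles
    "wifi-only": _profile({"PayloadType": "com.apple.wifi.managed"}),
    "restrictions-default": _profile({"PayloadType": RESTRICTIONS_TYPE, "allowCamera": False}),
    "restrictions-hardened": _profile({"PayloadType": RESTRICTIONS_TYPE, HIDE_KEY: False}),
    "signed-blob": b"\x30\x82\x0b\x1f not a plist",
}

if __name__ == "__main__":
    finding, results = review(SAMPLES)
    for name, status in results.items():
        print(f"{name}: {status}")
    print("FINDING" if finding else "NOT A FINDING")
```

A profile reported as "unreadable" or "unset" needs manual review in the management tool before the result is recorded.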
Fix
Install a configuration profile to disable hiding apps on iPhones and iPads.