mindedsecurity · Sparrrgh · Sep 2, 2023 · Oct 5, 2023 · Jan 31, 2024 · May 28, 2024
diff --git a/rules/storage/mstg-storage-11.yaml b/rules/storage/mstg-storage-11.yaml
@@ -5,16 +5,19 @@ rules:
       - xml
     metadata:
       authors:
-        - Riccardo Cardelli @gand3lf (IMQ Minded Security)
+        - Sparrrgh
       owasp-mobile: M1
       category: security
       area: storage
       verification-level:
         - L2
       references:
         - https://github.com/OWASP/owasp-mastg/blob/v1.5.0/Document/0x05d-Testing-Data-Storage.md#testing-the-device-access-security-policy-mstg-storage-11
-    message: The application allows to use Android versions earlier than 23.
+    message: The application does not implement a Device-Access-Security policy.
     patterns:
-      - pattern: <uses-sdk android:minSdkVersion="$X" />
-      - metavariable-comparison:
-          comparison: int($X)<23
+      - pattern-regex: |
+          (?s)(.*)
+      - pattern-not-regex: (<action\s+android:name="android\.app\.action\.DEVICE_ADMIN_ENABLED"\/>)
+    paths:
+      include:
+        - "**/AndroidManifest.xml"