Google Android 15 must be configured to disable "Private Space" use.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| high | V-269101 | PP-MDF-993300 | GOOG-15-012500 | SV-269101r1033119_rule | 2024-12-05 | 1 |
| Description |
|---|
| Private Space is an Android feature that provides a separate encrypted container on the mobile device. Apps in Private Space show up in a separate container in the launcher and are hidden from the "Recents" view, notifications, settings, and other apps when the Private Space is locked. In addition, MDM server allow list or blocklist cannot control the installation of apps into Private Space. Malware and other unauthorized apps could be installed on a DOD mobile device, which could lead to the compromise of DOD sensitive information or to an attack on the DOD network. SFRID: FMT_MOF_EXT.1.2 #47 |
| ℹ️ Check |
|---|
| Review the Google Android 15 work profile configuration settings to confirm that Private Space is disabled. This procedure is performed only on the EMM Administration console. On the EMM console: COBO: 1. Open "Set user restrictions". 2. Verify "Disallow add private profile" is set to "ON". COPE: 1. Open "Set user restrictions". 2. Verify "Disallow add private profile" is set to "ON". If on the EMM console "Disallow add private profile" is not selected, this is a finding. |
| ✔️ Fix |
|---|
| Configure the Google Android 15 device to disable "Private Space". On the EMM console: COBO: 1. Open "Set user restrictions". 2. Toggle "Disallow add private profile" to "ON". COPE: 1. Open "Set user restrictions". 2. Toggle "Disallow add private profile" to "ON". |