Google Android 15 must be configured to not allow backup of [all applications, configuration data] to remote systems.

An XCCDF Rule

Description

<VulnDiscussion>Backups to remote systems (including cloud backup) can leave data vulnerable to breach on the external systems, which often offer less protection than the mobile operating system (MOS). Where the remote backup involves a cloud-based solution, the backup capability is often used to synchronize data across multiple devices. In this case, DOD devices may synchronize DOD sensitive information to a user's personal device or other unauthorized computers that are vulnerable to breach. Disallowing remote backup mitigates this risk. SFRID: FMT_SMF.1.1 #40</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-267446r1031523_rule
Severity: Medium
References: CCI-001090
Updated: 16 days ago

Configure the Google Android 15 device to disable backup to remote systems (including commercial clouds).

On the EMM console:

COBO and COPE:
1. Open "Device owner management".
2. Toggle "Enable backup service" to "OFF".

Note: Since personal accounts cannot be added to the work profile (GOOG-15-009800), this control only impacts personal profile accounts. Site can allow backup based on local policy.

Google Android 15 must be configured to not allow backup of [all applications, configuration data] to remote systems.

Description

Remediation - Manual Procedure