Google Android 15 allow list must be configured to not include artificial intelligence (AI) applications that process device data in the cloud, including Google Gemini.

An XCCDF Rule

Description

<VulnDiscussion>Sensitive DOD data could be exposed when an AI app processes device data in the cloud. SFRID: FMT_SMF.1.1 #8</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-267533r1033066_rule
Severity: Medium
References: CCI-000803
Updated: 16 days ago

Configure the Google Android 15 device application allow list to exclude AI applications that process device data in the cloud, including Google Gemini. 

Note: This restriction does not include Gemini Nano. Gemini Nano is a built-in capability of Android 15 and processes device data on the device.

Google Android 15 allow list must be configured to not include artificial intelligence (AI) applications that process device data in the cloud, including Google Gemini.

Description

Remediation - Manual Procedure