Samsung Android 15 allowlist must be configured to not include artificial intelligence (AI) applications that process device data in the cloud, including Google Gemini.

An XCCDF Rule

Description

Sensitive DOD data could be exposed when an AI app processes device data in the cloud. SFRID: FMT_SMF.1.1 #8

ID: SV-268932r1036364_rule
Version: KNOX-15-005700
Severity: Medium
References: CCI-000803
Updated: about 2 months ago

Remediation Templates

On the EMM console:

1. Review the list of selected Managed Google Play apps.
2. Verify no AI applications that process device data in the cloud, including Google Gemini, are included.

Note: This restriction does not include Galaxy on device AI. Galaxy on device API is a "built-in" capability of Android 15 and processes device data on the device.
Disallow modify accounts (refer to requirement KNOX-15-009200).

Apply the "Disallow Intelligence Online Processing" using the KPE API or KSP. The KPE API is allowIntelligenceOnlineProcessing(false), and the KSP restriction is "Allow process data only on device", which should be set to "true".

Samsung Android 15 allowlist must be configured to not include artificial intelligence (AI) applications that process device data in the cloud, including Google Gemini.

Description

Remediation Templates

A Manual Procedure