Title

Apple iOS/iPadOS 18 must disable recording cell phone calls on the iPhone. (Cat II impact)

Discussion

Cell phone recordings are saved as unmanaged recordings in the Notes app, which may be accessible to unmanaged apps. There is a risk that sensitive DOD information can be recorded from a cell phone call, saved in Notes, and be accessible to an unmanaged App, which may expose sensitive DOD information. SFRID: FMT_MOF_EXT.1.2 #47

Check Content

This check procedure is performed on the device management tool and the iPhone. Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review. In the iOS management tool, verify "Allow call recording" is unchecked. On the iPhone: 1. Open the Settings app. 2. Tap "Apps". 3. Tap "Call Recording". 4. Verify the "Call Recording" toggle is off and grayed out (cannot be set to "On"). If "Allow Call Recording" is not disabled in the management tool or "Call Recording" can be enabled on the iPhone, this is a finding.

Fix Text

Install a configuration profile to disable recording cell phone calls.

Additional Identifiers

Rule ID: SV-272170r1067624_rule

Vulnerability ID: V-272170

Group Title: PP-MDF-993300

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.