Title

Apple iOS/iPadOS 26 must disable recording cell phone calls on the iPhone. (Cat II impact)

Discussion

Cell phone recordings are saved as unmanaged recordings in the Notes app, which may be accessible to unmanaged apps. There is a risk that sensitive DOD information can be recorded from a cell phone call, saved in Notes, and be accessible to an unmanaged App, which may expose sensitive DOD information. SFR ID: FMT_MOF_EXT.1.2 #47

Check Content

This check procedure is performed on the device management tool and the iPhone. Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review. In the iOS management tool, verify "Allow call recording" is unchecked. On the iPhone: 1. Open the Settings app. 2. Tap "Apps". 3. Tap "Phone" 4. Tap "Call Recording". 5. Verify the "Call Recording" toggle is off and grayed out (cannot be set to "On"). If "Allow Call Recording" is not disabled in the management tool or "Call Recording" can be enabled on the iPhone, this is a finding.

Fix Text

Install a configuration profile to disable recording cell phone calls. Configuration Profile Key: allowCallRecording

Additional Identifiers

Rule ID: SV-278830r1150737_rule

Vulnerability ID: V-278830

Group Title: PP-MDF-993300

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.