Google Android 15 COPE STIG Version Comparison

There are 2 differences between versions v1 r1 (Sept. 24, 2024) (the "left" version) and v1 r2 (Jan. 30, 2025) (the "right" version).

Check GOOG-15-006750 was changed between these two versions. Green, underlined text was added, red, struck-out text was removed.

The regular view of the left check and right check may be easier to read.

Title

Google Android 15 allow list must be configured to not include artificial intelligence (AI) applications that process device data in the cloud, including Google Gemini.

Check Content

Review managed Google Android 15 device configuration settings to determine if the mobile device has an AI application that processes device data in the cloud, including Google Gemini. This validation procedure is performed only on the EMM Administration Console. On the EMM console: 1. Review the list of selected Managed Google Play apps. 2. Verify no AI applications that processes process device data in the cloud, including Google Gemini, are included. If the EMM console device policy includes AI applications that processes process device data in the cloud, including Google Gemini, this is a finding. Note: This restriction does not include Gemini Nano. Gemini Nano is a built-in capability of Android 15 and processes device data on the device. Refer to Section 2 "Artificial Intelligence Restrictions" of the STIG Supplemental document for more information.

Discussion

Sensitive DOD data could be exposed when an AI app processes device data in the cloud. SFRID: FMT_SMF.1.1 #8

Fix

Configure the Google Android 15 device application allow list to exclude AI applications that process device data in the cloud, including Google Gemini. Note: This restriction does not include Gemini Nano. Gemini Nano is a built-in capability of Android 15 and processes device data on the device. Refer to Section 2, Artificial Intelligence Restrictions, of the STIG Supplemental document for more information.