Google Android 15 must allow only the administrator (MDM) to perform the following management function: Disable Phone Hub.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-267464 | GOOG-15-012400 | SV-267464r1033054_rule | Low |
| Description |
| It may be possible to transfer work profile data on a DOD Android device to an unauthorized Chromebook if the user has the same Google Account set up on the Chromebook and in the work profile on the Android device. This may result in the exposure of sensitive DOD data. SFRID: FMT_MOF_EXT.1.2 #47 |
| STIG | Date |
| Google Android 15 COBO Security Technical Implementation Guide | 2024-12-05 |
Details
| Check Text (C-71388r1033053_chk) |
| Review the EMM configuration to confirm phone hub has been disabled. On the management tool: 1. Open "Nearby notification streaming policy". 2. Verify "Nearby notification streaming policy" is set to "Disabled". 3. Open "Nearby app streaming policy". 4. Verify "Nearby app streaming policy" is set to "Disabled". If on the management tool the "Nearby Streaming Policy" is not set to "Disabled" and "Nearby app streaming policy" is not set to "Disabled", this is a finding. Note: From a Chromebook, if a device is connected to the Phone Hub, try to set up the Notifications. It will fail to connect to the device to complete the setup if phone hub has been disabled on the DOD Android device. |
| Fix Text (F-71291r1031576_fix) |
| Configure Google Android 15 device to disable the nearby notification streaming policy to disable Phone Hub. COPE and COBO: On the EMM console: 1. Open "Nearby notification streaming policy". 2. Set "Nearby notification streaming policy" to "Disabled". 3. Open "Nearby app streaming policy". 4. Set "Nearby app streaming policy" to "Disabled". |