Google Android 10 devices must be configured to disable the use of third-party keyboards.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-98983 | GOOG-10-011000 | SV-108087r1_rule | Low |
| Description |
|---|
| Many third-party keyboard applications are known to contain malware. SFR ID: FMT_SMF_EXT.1.1 #47 |
| STIG | Date |
|---|---|
| Google Android 10.x Security Technical Implementation Guide | 2019-12-18 |
Details
| Check Text ( C-97823r1_chk ) |
|---|
| Review device configuration settings to confirm that no third-party keyboards are enabled. This procedure is performed on both the MDM console and the Google Android 10 device. In the MDM management console, review the user restrictions section. Select "Set input methods" and insure no third-party keyboards are installed. On the Google Android 10 device, to see if a third-party keyboard is enabled: 1. Open Settings>>System>>Languages & input. 2. Tap "Virtual keyboard". 3. Tap "Manage keyboard". 4. Ensure no third-party keyboards are listed, or if third-party keyboards are present they are "Disabled by admin". If third-party keyboards are enabled, this is a finding. Google's Android operating system patch website: https://source.android.com/security/bulletin/ |
| Fix Text (F-104659r1_fix) |
|---|
| Configure Google Android 10 device to disallow the use of third-party keyboards. On the MDM console, in the Android user restrictions section, select "Set input methods" and ensure no third-party keyboards are installed. |