Google Android 14 must be configured to not allow backup of [all applications, configuration data] to locally connected systems.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-258423	GOOG-14-008500	SV-258423r958524_rule		Medium

Description
Data on mobile devices is protected by numerous mechanisms, including user authentication, access control, and cryptography. When the data is backed up to an external system (either locally connected or cloud based), many if not all of these mechanisms are no longer present. This leaves the backed-up data vulnerable to attack. Disabling backup to external systems mitigates this risk. SFR ID: FMT_SMF_EXT.1.1 #40

Description

Data on mobile devices is protected by numerous mechanisms, including user authentication, access control, and cryptography. When the data is backed up to an external system (either locally connected or cloud based), many if not all of these mechanisms are no longer present. This leaves the backed-up data vulnerable to attack. Disabling backup to external systems mitigates this risk. SFR ID: FMT_SMF_EXT.1.1 #40

STIG	Date
Google Android 14 COPE Security Technical Implementation Guide	2024-06-05

Details

Check Text ( C-62164r928292_chk )
Review managed Google Android 14 device configuration settings to determine if the capability to back up to a locally connected system has been disabled. This validation procedure is performed on both the EMM Administration Console and the managed Google Android 14 device. On the EMM console: COBO and COPE: 1. Open "Device owner management". 2. Verify "Enable backup service" is toggled to "OFF". On the managed Google Android 14 device: COBO: 1. Go to Settings >> System >> Backup. 2. Verify Backup settings is "Not available". COPE: 1. Go to Settings >> System >> Backup. 2. Select "Work". 3. Verify Backup settings is "Not available". If the EMM console device policy is not set to disable the capability to back up to a locally connected system or on the managed Google Android 14 device, the device policy is not set to disable the capability to back up to a locally connected system, and this is a finding.

Check Text ( C-62164r928292_chk )

Review managed Google Android 14 device configuration settings to determine if the capability to back up to a locally connected system has been disabled.

This validation procedure is performed on both the EMM Administration Console and the managed Google Android 14 device.

On the EMM console:

COBO and COPE:

1. Open "Device owner management".
2. Verify "Enable backup service" is toggled to "OFF".

On the managed Google Android 14 device:

COBO:

1. Go to Settings >> System >> Backup.
2. Verify Backup settings is "Not available".

COPE:

1. Go to Settings >> System >> Backup.
2. Select "Work".
3. Verify Backup settings is "Not available".

If the EMM console device policy is not set to disable the capability to back up to a locally connected system or on the managed Google Android 14 device, the device policy is not set to disable the capability to back up to a locally connected system, and this is a finding.

Fix Text (F-62088r928293_fix)
Configure the Google Android 14 device to disable backup to locally connected systems. On the EMM console: COBO and COPE: 1. Open "Device owner management". 2. Toggle "Enable backup service" to "OFF".