STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated just now
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Google Android 17 COPE Security Technical Implementation Guide

V-284844

CAT I (High)

Google Android 17 must be configured to disable Private Space use.

Rule ID

SV-284844r1240699_rule

STIG

Google Android 17 COPE Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000370

Discussion

Private Space is an Android feature that provides a separate encrypted container on the mobile device. Apps in Private Space show up in a separate container in the launcher and are hidden from the "Recents" view, notifications, settings, and other apps when the private space is locked. In addition, an MDM server allow list or block list cannot control the installation of apps into Private Space. Malware and other unauthorized apps could be installed on a DoW mobile device, which could lead to the compromise of DoW sensitive information or to an attack on the DoW network. SFR ID: FMT_MOF_EXT.1.2 #47

Check Content

Review the Google Android 17 work profile configuration settings to confirm that Private Space is disabled. 
 
This procedure is performed only on the EMM administration console. 
 
On the EMM console:

COBO:

1. Open "Set user restrictions".
2. Verify that "Disallow add private profile" is set to "ON".

COPE:

1. Open "Set user restrictions".
2. Verify that "Disallow add private profile" is set to "ON".
 
If on the EMM console "Disallow add private profile" is not selected, this is a finding.

Fix Text

Configure the Google Android 17 device to disable Private Space. 
 
On the EMM console:

COBO:

1. Open "Set user restrictions".
2. Toggle "Disallow add private profile" to "ON".

COPE:

1. Open "Set user restrictions".
2. Toggle "Disallow add private profile" to "ON".

Configuration API: DISALLOW_ADD_PRIVATE_PROFILE