STIGhubSTIGhub
STIGhub— A free STIG search and compliance tool·STIGs updated just now
Powered by Pylon·Privacy·Terms·Feedback·© 2026 Beacon Cloud Solutions, Inc.
← Back to Google Android 17 COPE Security Technical Implementation Guide

V-284801

CAT II (Medium)

Google Android 17 allow list must be configured to not include artificial intelligence (AI) applications that process device data in the cloud, including Google Gemini.

Rule ID

SV-284801r1240661_rule

STIG

Google Android 17 COPE Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000803

Discussion

Sensitive DoW data could be exposed when an AI app processes device data in the cloud. SFR ID: FMT_SMF_EXT.1.1 #8

Check Content

Review managed Google Android 17 device configuration settings to determine if the mobile device has an AI application that processes device data in the cloud, including Google Gemini.

This validation procedure is performed only on the EMM administration console.

On the EMM console:

1. Review the list of selected managed Google Play apps.
2. Verify no AI applications that process device data in the cloud, including Google Gemini, are listed.

If the EMM console device policy includes AI applications that process device data in the cloud, including Google Gemini, this is a finding.

Note: This restriction does not include Gemini Nano. Gemini Nano is a built-in capability of Android 17 and processes device data on the device. Refer to the STIG Supplemental document, Section 2, Artificial Intelligence Restrictions, for more information.

Fix Text

Configure the Google Android 17 device application allowlist to exclude AI applications that process device data in the cloud, including Google Gemini.

Note: This restriction does not include Gemini Nano. Gemini Nano is a built-in capability of Android 17 and processes device data on the device. Refer to the STIG Supplemental document, Section 2, Artificial Intelligence Restrictions, for more information.