GOOG-13-710500 - The Google Android 13 work profile must be configured to disable the autofill services.

Information

The autofill services allow the user to complete text inputs that could contain sensitive information, such as personally identifiable information (PII), without previous knowledge of the information. By allowing the use of autofill services, an adversary who learns a user's Android 13 device password, or who otherwise can unlock the device, may be able to further breach other systems by relying on the autofill services to provide information unknown to the adversary. By disabling the autofill services, the risk of an adversary gaining further information about the device's user or compromising other systems is significantly mitigated.

Examples of apps that offer autofill services include Samsung Pass, Google, Dashlane, LastPass, and 1Password.

SFR ID: FMT_SMF_EXT.1.1 #47

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Configure the Google Android 13 device work profile to disable the autofill services.

On the EMM console:

1. Open 'Set user restrictions'.
2. Toggle 'Disallow autofill' to 'ON'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Google_Android_13_BYOAD_Y24M04_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-258494r929520_rule, STIG-ID|GOOG-13-710500, Vuln-ID|V-258494

Plugin: MDM

Control ID: 2dd3a4bd6be375a18e187fbd26c9659735793b2b1f2f3442b40b49bfd7e956b9