Join the Reckless Community* indicates requiredEmail Address *First Name *Last Name *
Back to Google Android 13 BYOAD Security Technical Implementation Guide
Severity: Low
<VulnDiscussion>Many third-party keyboard applications are known to contain malware. SFR ID: FMT_SMF_EXT.1.1 #47</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
Review the managed Google Android 13 configuration settings to confirm that no third-party keyboards are enabled (work profile only). This procedure is performed on the EMM console. On the EMM console: 1. Open "Input methods". 2. Tap "Set input methods". 3. Verify only the approved keyboards are selected. If unapproved third-party keyboards are allowed in the work profile, this is a finding.
Configure the Google Android 13 device to disallow the use of third-party keyboards (work profile only). On the EMM console: 1. Open "Input methods". 2. Tap "Set input methods". 3. Select only the approved keyboards. Additionally, admins can configure application allowlists for Google Play so no third-party keyboards are available for user installation.