Google Pixel 3A 64Gb+4Gb LTE [117/132] Premium sms warning

[C-1-1] MUST meet the following requirements related to multi-user support .

[C-1-2] MUST, for each user, implement a security model consistent with the Android

platform security model as defined in Security and Permissions reference document in

the APIs.

[C-1-3] MUST have separate and isolated shared application storage (a.k.a. /sdcard )

directories for each user instance.

[C-1-4] MUST ensure that applications owned by and running on behalf of a given user

cannot list, read, or write to the files owned by any other user, even if the data of both

users are stored on the same volume or filesystem.

[C-1-5] MUST encrypt the contents of the SD card when multiuser is enabled using a key

stored only on non-removable media accessible only to the system if device

implementations use removable media for the external storage APIs. As this will make the

media unreadable by a host PC, device implementations will be required to switch to MTP

or a similar system to provide host PCs with access to the current user’s data.

If device implementations include multiple users and do not declare the android.hardware.telephony

feature flag, they:

[C-2-1] MUST support restricted profiles, a feature that allows device owners to manage

additional users and their capabilities on the device. With restricted profiles, device

owners can quickly set up separate environments for additional users to work in, with the

ability to manage finer-grained restrictions in the apps that are available in those

environments.

If device implementations include multiple users and declare the android.hardware.telephony feature flag,

they:

[C-3-1] MUST NOT support restricted profiles but MUST align with the AOSP

implementation of controls to enable /disable other users from accessing the voice calls

and SMS.

9.6. Premium SMS Warning

Android includes support for warning users of any outgoing premium SMS message . Premium SMS

messages are text messages sent to a service registered with a carrier that may incur a charge to the

user.

If device implementations declare support for android.hardware.telephony , they:

[C-1-1] MUST warn users before sending a SMS message to numbers identified by regular

expressions defined in /data/misc/sms/codes.xml file in the device. The upstream Android Open

Source Project provides an implementation that satisfies this requirement.

9.7. Security Features

Device implementations MUST ensure compliance with security features in both the kernel and

platform as described below.

The Android Sandbox includes features that use the Security-Enhanced Linux (SELinux) mandatory

access control (MAC) system, seccomp sandboxing, and other security features in the Linux kernel.

Device implementations:

[C-0-1] MUST maintain compatibility with existing applications, even when SELinux or any

other security features are implemented below the Android framework.

[C-0-2] MUST NOT have a visible user interface when a security violation is detected and

Page 117 of 132