DS0042 User Interface

Visual activity on the device that could alert the user to potentially malicious behavior.

Data Components

System prompts triggered when an application requests new or additional permissions

Domain	ID	Name
mobile	T1626	Abuse Elevation Control Mechanism
mobile	T1626.001	Device Administrator Permissions
mobile	T1638	Adversary-in-the-Middle
mobile	T1420	File and Directory Discovery

Notifications generated by the OS

Domain	ID	Name
mobile	T1627	Execution Guardrails
mobile	T1627.001	Geofencing
mobile	T1541	Foreground Persistence
mobile	T1430	Location Tracking
mobile	T1430.001	Remote Device Management Services
mobile	T1464	Network Denial of Service
mobile	T1644	Out of Band Data
mobile	T1635	Steal Application Access Token
mobile	T1635.001	URI Hijacking

Settings visible to the user on the device

Domain	ID	Name
mobile	T1626	Abuse Elevation Control Mechanism
mobile	T1626.001	Device Administrator Permissions
mobile	T1517	Access Notifications
mobile	T1429	Audio Capture
mobile	T1616	Call Control
mobile	T1642	Endpoint Denial of Service
mobile	T1627	Execution Guardrails
mobile	T1627.001	Geofencing
mobile	T1643	Generate Traffic from Victim
mobile	T1628	Hide Artifacts
mobile	T1628.001	Suppress Application Icon
mobile	T1629	Impair Defenses
mobile	T1629.001	Prevent Application Removal
mobile	T1629.002	Device Lockout
mobile	T1629.003	Disable or Modify Tools
mobile	T1630	Indicator Removal on Host
mobile	T1630.001	Uninstall Malicious Application
mobile	T1630.002	File Deletion
mobile	T1417	Input Capture
mobile	T1417.001	Keylogging
mobile	T1417.002	GUI Input Capture
mobile	T1430	Location Tracking
mobile	T1636	Protected User Data
mobile	T1636.001	Calendar Entries
mobile	T1636.002	Call Log
mobile	T1636.003	Contact List
mobile	T1636.004	SMS Messages
mobile	T1513	Screen Capture
mobile	T1582	SMS Control
mobile	T1632	Subvert Trust Controls
mobile	T1632.001	Code Signing Policy Modification
mobile	T1512	Video Capture