Skip to content

DET0602 Detection of Call Log

Item Value
ID DET0602
Version 1.0
Created 21 October 2025
Last Modified 21 October 2025

Technique Detected: T1636.002 (Call Log)

Analytics

Android

AN1650

Application vetting services could look for android.permission.READ_CALL_LOG in an Android application’s manifest. Most applications do not need call log access, so extra scrutiny could be applied to those that request it. On Android, the user can manage which applications have permission to access the call log through the device settings screen, revoking the permission if necessary.

Log Sources
Data Component Name Channel
Permissions Requests (DC0114) Application Vetting None
System Settings (DC0118) User Interface None
Mutable Elements
Field Description

iOS

AN1651

Application vetting services could look for android.permission.READ_CALL_LOG in an Android application’s manifest. Most applications do not need call log access, so extra scrutiny could be applied to those that request it. On Android, the user can manage which applications have permission to access the call log through the device settings screen, revoking the permission if necessary.

Log Sources
Data Component Name Channel
Permissions Requests (DC0114) Application Vetting None
System Settings (DC0118) User Interface None
Mutable Elements
Field Description