DET0603 Detection of Device Lockout
| Item | Value |
|---|---|
| ID | DET0603 |
| Version | 1.0 |
| Created | 21 October 2025 |
| Last Modified | 21 October 2025 |
Technique Detected: T1629.002 (Device Lockout)
Analytics
Android
AN1652
The user can view a list of device administrators in device settings and revoke permission where appropriate. Applications that request device administrator permissions should be scrutinized further for malicious behavior.
Log Sources
| Data Component | Name | Channel |
|---|---|---|
| System Settings (DC0118) | User Interface | None |
Mutable Elements
| Field | Description |
|---|---|