DET0637 Detection of Foreground Persistence
| Item | Value |
|---|---|
| ID | DET0637 |
| Version | 1.0 |
| Created | 21 October 2025 |
| Last Modified | 21 October 2025 |
Technique Detected: T1541 (Foreground Persistence)
Analytics
Android
AN1711
The user can see persistent notifications in their notification drawer and can subsequently uninstall applications that do not belong.
Applications could be vetted for their use of the startForeground() API, and could be further scrutinized if usage is found.
Log Sources
| Data Component | Name | Channel |
|---|---|---|
| System Notifications (DC0117) | User Interface | None |
| API Calls (DC0112) | Application Vetting | None |
Mutable Elements
| Field | Description |
|---|---|