DET0638 Detection of File Deletion

Technique Detected: T1630.002 (File Deletion)

Analytics

Android

AN1712

Mobile security products can detect which applications can request device administrator permissions. Application vetting services could be extra scrutinous of applications that request device administrator permissions. The user can view applications with administrator access through the device settings, and may also notice if user data is inexplicably missing.

Log Sources

Mutable Elements