DET0642 Detection of Abuse Elevation Control Mechanism
| Item | Value |
|---|---|
| ID | DET0642 |
| Version | 1.0 |
| Created | 21 October 2025 |
| Last Modified | 21 October 2025 |
Technique Detected: T1626 (Abuse Elevation Control Mechanism)
Analytics
Android
AN1718
Application vetting services can detect when an application requests administrator permission. When an application requests administrator permission, the user is presented with a popup and the option to grant or deny the request.
Log Sources
| Data Component | Name | Channel |
|---|---|---|
| Permissions Requests (DC0114) | Application Vetting | None |
| Permissions Request (DC0116) | User Interface | None |
Mutable Elements
| Field | Description |
|---|---|