Skip to content

DET0648 Detection of Geofencing

Item Value
ID DET0648
Version 1.0
Created 21 October 2025
Last Modified 21 October 2025

Technique Detected: T1627.001 (Geofencing)

Analytics

Android

AN1728

Application vetting services can detect unnecessary and potentially abused location permissions. On Android 10 and later, the system shows a notification to the user when an app has been accessing device location in the background. Application vetting services can detect unnecessary and potentially abused API calls. The user can review which applications have location permissions in the operating system’s settings menu.

Log Sources
Data Component Name Channel
Permissions Requests (DC0114) Application Vetting None
System Notifications (DC0117) User Interface None
API Calls (DC0112) Application Vetting None
System Settings (DC0118) User Interface None
Mutable Elements
Field Description

iOS

AN1729

Application vetting services can detect unnecessary and potentially abused location permissions. On Android 10 and later, the system shows a notification to the user when an app has been accessing device location in the background. Application vetting services can detect unnecessary and potentially abused API calls. The user can review which applications have location permissions in the operating system’s settings menu.

Log Sources
Data Component Name Channel
Permissions Requests (DC0114) Application Vetting None
System Notifications (DC0117) User Interface None
API Calls (DC0112) Application Vetting None
System Settings (DC0118) User Interface None
Mutable Elements
Field Description