DET0652 Detection of Application Versioning

Item	Value
ID	DET0652
Version	1.0
Created	21 October 2025
Last Modified	21 October 2025

Technique Detected: T1661 (Application Versioning)

Analytics

Android

AN1735

Application vetting services may detect when an application requests permissions after an application update. Application vetting services may look for indications that the application’s update includes malicious code at runtime. Application vetting services may be able to list domains and/or IP addresses that applications communicate with.

Log Sources

Data Component	Name	Channel
Permissions Requests (DC0114)	Application Vetting	None
API Calls (DC0112)	Application Vetting	None
Network Communication (DC0113)	Application Vetting	None

Mutable Elements

Field	Description

iOS

AN1736

Application vetting services may detect when an application requests permissions after an application update. Application vetting services may look for indications that the application’s update includes malicious code at runtime. Application vetting services may be able to list domains and/or IP addresses that applications communicate with.

Log Sources

Data Component	Name	Channel
Permissions Requests (DC0114)	Application Vetting	None
API Calls (DC0112)	Application Vetting	None
Network Communication (DC0113)	Application Vetting	None

Mutable Elements

Field	Description