DET0653 Detection of Execution Guardrails

Item	Value
ID	DET0653
Version	1.0
Created	21 October 2025
Last Modified	21 October 2025

Technique Detected: T1627 (Execution Guardrails)

Analytics

Android

AN1737

The user can review which applications have location and sensitive phone information permissions in the operating system’s settings menu. Application vetting services can detect unnecessary and potentially abused API calls. Application vetting services can detect unnecessary and potentially abused permissions.

Log Sources

Data Component	Name	Channel
System Settings (DC0118)	User Interface	None
API Calls (DC0112)	Application Vetting	None
Permissions Requests (DC0114)	Application Vetting	None

Mutable Elements

Field	Description

iOS

AN1738

The user can review which applications have location and sensitive phone information permissions in the operating system’s settings menu. Application vetting services can detect unnecessary and potentially abused API calls. Application vetting services can detect unnecessary and potentially abused permissions.

Log Sources

Data Component	Name	Channel
System Settings (DC0118)	User Interface	None
API Calls (DC0112)	Application Vetting	None
Permissions Requests (DC0114)	Application Vetting	None

Mutable Elements

Field	Description