Skip to content

DET0675 Detection of Location Tracking

Item Value
ID DET0675
Version 1.0
Created 21 October 2025
Last Modified 21 October 2025

Technique Detected: T1430 (Location Tracking)

Analytics

Android

AN1776

In both Android (6.0 and up) and iOS, the user can view which applications have the permission to access the device location through the device settings screen and revoke permissions as necessary. Android applications requesting the ACCESS_COARSE_LOCATION, ACCESS_FINE_LOCATION, or ACCESS_BACKGROUND_LOCATION permissions and iOS applications including the NSLocationWhenInUseUsageDescription, NSLocationAlwaysAndWhenInUseUsageDescription, and/or NSLocationAlwaysUsageDescription keys in their Info.plist file could be scrutinized during the application vetting process.

Log Sources
Data Component Name Channel
System Settings (DC0118) User Interface None
Permissions Requests (DC0114) Application Vetting None
Mutable Elements
Field Description

iOS

AN1777

In both Android (6.0 and up) and iOS, the user can view which applications have the permission to access the device location through the device settings screen and revoke permissions as necessary. Android applications requesting the ACCESS_COARSE_LOCATION, ACCESS_FINE_LOCATION, or ACCESS_BACKGROUND_LOCATION permissions and iOS applications including the NSLocationWhenInUseUsageDescription, NSLocationAlwaysAndWhenInUseUsageDescription, and/or NSLocationAlwaysUsageDescription keys in their Info.plist file could be scrutinized during the application vetting process.

Log Sources
Data Component Name Channel
System Settings (DC0118) User Interface None
Permissions Requests (DC0114) Application Vetting None
Mutable Elements
Field Description