Skip to content

DET0679 Detection of Contact List

Item Value
ID DET0679
Version 1.0
Created 21 October 2025
Last Modified 21 October 2025

Technique Detected: T1636.003 (Contact List)

Analytics

Android

AN1782

Application vetting services could look for android.permission.READ_CONTACTS in an Android application’s manifest, or NSContactsUsageDescription in an iOS application’s Info.plist file. Most applications do not need contact list access, so extra scrutiny could be applied to those that request it. On both Android and iOS, the user can manage which applications have permission to access the contact list through the device settings screen, revoking the permission if necessary.

Log Sources
Data Component Name Channel
Permissions Requests (DC0114) Application Vetting None
System Settings (DC0118) User Interface None
Mutable Elements
Field Description

iOS

AN1783

Application vetting services could look for android.permission.READ_CONTACTS in an Android application’s manifest, or NSContactsUsageDescription in an iOS application’s Info.plist file. Most applications do not need contact list access, so extra scrutiny could be applied to those that request it. On both Android and iOS, the user can manage which applications have permission to access the contact list through the device settings screen, revoking the permission if necessary.

Log Sources
Data Component Name Channel
Permissions Requests (DC0114) Application Vetting None
System Settings (DC0118) User Interface None
Mutable Elements
Field Description