Skip to content

DET0680 Detection of Security Software Discovery

Item Value
ID DET0680
Version 1.0
Created 21 October 2025
Last Modified 21 October 2025

Technique Detected: T1418.001 (Security Software Discovery)

Analytics

Android

AN1784

Application vetting services could look for the Android permission android.permission.QUERY_ALL_PACKAGES, and apply extra scrutiny to applications that request it. On iOS, application vetting services could look for usage of the private API LSApplicationWorkspace and apply extra scrutiny to applications that employ it.

Log Sources
Data Component Name Channel
API Calls (DC0112) Application Vetting None
Mutable Elements
Field Description

iOS

AN1785

Application vetting services could look for the Android permission android.permission.QUERY_ALL_PACKAGES, and apply extra scrutiny to applications that request it. On iOS, application vetting services could look for usage of the private API LSApplicationWorkspace and apply extra scrutiny to applications that employ it.

Log Sources
Data Component Name Channel
API Calls (DC0112) Application Vetting None
Mutable Elements
Field Description