Skip to content

DET0681 Detection of Protected User Data

Item Value
ID DET0681
Version 1.0
Created 21 October 2025
Last Modified 21 October 2025

Technique Detected: T1636 (Protected User Data)

Analytics

Android

AN1786

The user can view permissions granted to an application in device settings. Application vetting services typically flag permissions requested by an application, which can be reviewed by an administrator. Certain dangerous permissions, such as RECEIVE_SMS, could receive additional scrutiny.

Log Sources
Data Component Name Channel
System Settings (DC0118) User Interface None
Permissions Requests (DC0114) Application Vetting None
Mutable Elements
Field Description

iOS

AN1787

The user can view permissions granted to an application in device settings. Application vetting services typically flag permissions requested by an application, which can be reviewed by an administrator. Certain dangerous permissions, such as RECEIVE_SMS, could receive additional scrutiny.

Log Sources
Data Component Name Channel
System Settings (DC0118) User Interface None
Permissions Requests (DC0114) Application Vetting None
Mutable Elements
Field Description