Skip to content

M1007 Caution with Device Administrator Access

Warn device users not to accept requests to grant Device Administrator access to applications without good reason.

Additionally, application vetting should include a check on whether the application requests Device Administrator access. Applications that do request Device Administrator access should be carefully scrutinized and only allowed to be used if a valid reason exists.

Item Value
ID M1007
Version 1.0
Created 25 October 2017
Last Modified 17 October 2018
Navigation Layer View In ATT&CK® Navigator

Techniques Addressed by Mitigation

Domain ID Name Use
mobile T1447 Delete Device Data There are very limited circumstances under which device administrator access should be granted.
mobile T1446 Device Lockout -
Back to top