M1007 Caution with Device Administrator Access
Warn device users not to accept requests to grant Device Administrator access to applications without good reason.
Additionally, application vetting should include a check on whether the application requests Device Administrator access. Applications that do request Device Administrator access should be carefully scrutinized and only allowed to be used if a valid reason exists.
|Created||25 October 2017|
|Last Modified||17 October 2018|
|Navigation Layer||View In ATT&CK® Navigator|
Techniques Addressed by Mitigation
|mobile||T1447||Delete Device Data||There are very limited circumstances under which device administrator access should be granted.|