1. Home
  2. Detection Strategies
  3. Detection of Virtualization/Sandbox Evasion

Detection of Virtualization/Sandbox Evasion

Technique Detected:  Virtualization/Sandbox Evasion | T1633

ID: DET0616
Domains: Mobile
Analytics: AN1673, AN1674
Version: 1.0
Created: 21 October 2025
Last Modified: 21 October 2025
Version Permalink

Analytics

AN1673

Application vetting services could look for applications attempting to get android.os.SystemProperties or getprop with the runtime exec() commands. This could indicate some level of sandbox evasion, as Google recommends against using system properties within applications.

Log Sources
Data Component Name Channel
API Calls (DC0112) Application Vetting None

AN1674

Application vetting services could look for applications attempting to get android.os.SystemProperties or getprop with the runtime exec() commands. This could indicate some level of sandbox evasion, as Google recommends against using system properties within applications.

Log Sources
Data Component Name Channel
API Calls (DC0112) Application Vetting None