The user may view applications with administrator access through the device settings and may also notice if user data is inexplicably missing.
Command-line activities can potentially be detected through Mobile Threat Defense (MTD) integrations with lower-level OS APIs. This could grant the MTD agents access to running processes and their parameters, potentially detecting file deletion processes.
The user is prompted for approval when an application requests device administrator permissions.
Application vetting services may detect API calls for deleting files.
Mobile security products can detect which applications can request device administrator permissions. Application vetting services could be extra scrutinous of applications that request device administrator permissions.
| Data Component | Name | Channel |
|---|---|---|
| System Settings (DC0118) | User Interface | None |
| Command Execution (DC0064) | Command | None |
| Permissions Request (DC0116) | User Interface | None |
| API Calls (DC0112) | Application Vetting | None |
| Permissions Requests (DC0114) | Application Vetting | None |