OLD: Application vetting services could look for android.permission.READ_CONTACTS in an Android application’s manifest, or NSContactsUsageDescription in an iOS application’s Info.plist file. Most applications do not need contact list access, so extra scrutiny could be applied to those that request it.
On both Android and iOS, the user can manage which applications have permission to access the contact list through the device settings screen, revoking the permission if necessary.
NEW: A defender observes an Android application requesting for android.permission.READ_CONTACTS, which may also be listed in the application's manifest file.
| Data Component | Name | Channel |
|---|---|---|
| OS API Execution (DC0021) | android:logcat | Invocation of ContactsContract.Contacts.getLookupUri() and/or ContactsContract.Contacts.lookupContact() |
| Application Permission (DC0114) | android:MDMLog | Application granted or retaining the READ_CONTACTS permission. |
Application vetting services could look for android.permission.READ_CONTACTS in an Android application’s manifest, or NSContactsUsageDescription in an iOS application’s Info.plist file. Most applications do not need contact list access, so extra scrutiny could be applied to those that request it.
On both Android and iOS, the user can manage which applications have permission to access the contact list through the device settings screen, revoking the permission if necessary.
| Data Component | Name | Channel |
|---|---|---|
| Application Permission (DC0114) | Application Vetting | None |
| System Settings (DC0118) | User Interface | None |