1. Home
  2. Detection Strategies
  3. Detection of Security Software Discovery

Detection of Security Software Discovery

Technique Detected:  Security Software Discovery | T1418.001

ID: DET0680
Domains: Mobile
Analytics: AN1784, AN1785
Version: 1.0
Created: 21 October 2025
Last Modified: 21 October 2025
Version Permalink

Analytics

AN1784

Application vetting services could look for the Android permission android.permission.QUERY_ALL_PACKAGES, and apply extra scrutiny to applications that request it. On iOS, application vetting services could look for usage of the private API LSApplicationWorkspace and apply extra scrutiny to applications that employ it.

Log Sources
Data Component Name Channel
API Calls (DC0112) Application Vetting None

AN1785

Application vetting services could look for the Android permission android.permission.QUERY_ALL_PACKAGES, and apply extra scrutiny to applications that request it. On iOS, application vetting services could look for usage of the private API LSApplicationWorkspace and apply extra scrutiny to applications that employ it.

Log Sources
Data Component Name Channel
API Calls (DC0112) Application Vetting None