1. Home
  2. Detection Strategies
  3. Detection of Protected User Data

Detection of Protected User Data

Technique Detected:  Protected User Data | T1636

ID: DET0681
Domains: Mobile
Analytics: AN1786, AN1787
Version: 1.0
Created: 21 October 2025
Last Modified: 21 October 2025
Version Permalink

Analytics

AN1786

The user can view permissions granted to an application in device settings.
Application vetting services typically flag permissions requested by an application, which can be reviewed by an administrator. Certain dangerous permissions, such as RECEIVE_SMS, could receive additional scrutiny.

Log Sources
Data Component Name Channel
System Settings (DC0118) User Interface None
Permissions Requests (DC0114) Application Vetting None

AN1787

The user can view permissions granted to an application in device settings.
Application vetting services typically flag permissions requested by an application, which can be reviewed by an administrator. Certain dangerous permissions, such as RECEIVE_SMS, could receive additional scrutiny.

Log Sources
Data Component Name Channel
System Settings (DC0118) User Interface None
Permissions Requests (DC0114) Application Vetting None