OLD: Application vetting services could look for android.permission.READ_SMS in an Android application’s manifest. Most applications do not need access to SMS messages, so extra scrutiny could be applied to those that request it.
On Android, the user can manage which applications have permission to access SMS messages through the device settings screen, revoking the permission if necessary.
NEW: A defender observes an Android application requesting for android.permission. READ_SMS and/or android.permission. RECEIVE_SMS, which may also be listed in the application's manifest file.
| Data Component | Name | Channel |
|---|---|---|
| Application Permission (DC0114) | android:MDMLog | Application granted or retaining the READ_SMS or RECEIVE_SMS permission. |
Application vetting services could look for android.permission.READ_SMS in an Android application’s manifest. Most applications do not need access to SMS messages, so extra scrutiny could be applied to those that request it.
On Android, the user can manage which applications have permission to access SMS messages through the device settings screen, revoking the permission if necessary.
| Data Component | Name | Channel |
|---|---|---|
| Application Permission (DC0114) | Application Vetting | None |
| System Settings (DC0118) | User Interface | None |