Caution with Device Administrator Access

Warn device users not to accept requests to grant Device Administrator access to applications without good reason.

Additionally, application vetting should include a check on whether the application requests Device Administrator access. Applications that do request Device Administrator access should be carefully scrutinized and only allowed to be used if a valid reason exists.

ID: M1007
Version: 1.0
Created: 25 October 2017
Last Modified: 17 October 2018

Techniques Addressed by Mitigation

Domain ID Name Use
Mobile T1401 Abuse Device Administrator Access to Prevent Removal
Mobile T1447 Delete Device Data
Mobile T1446 Device Lockout