Caution with Device Administrator Access

Warn device users not to accept requests to grant Device Administrator access to applications without good reason.

Additionally, application vetting should include a check on whether the application requests Device Administrator access. Applications that do request Device Administrator access should be carefully scrutinized and only allowed to be used if a valid reason exists.

ID: M1007
Version: 1.0
Created: 25 October 2017
Last Modified: 17 October 2018

Techniques Addressed by Mitigation

Domain ID Name Use
Mobile T1401 Abuse Device Administrator Access to Prevent Removal
Mobile T1447 Delete Device Data

There are very limited circumstances under which device administrator access should be granted.

Mobile T1446 Device Lockout