A variety of methods exist that can be used to enable enterprises to identify compromised (e.g. rooted/jailbroken) devices, whether using security mechanisms built directly into the device, third-party mobile security applications, enterprise mobility management (EMM)/mobile device management (MDM) capabilities, or other methods. Some methods may be trivial to evade while others may be more sophisticated.

ID: M1010

Version: 1.0

Created: 25 October 2017

Last Modified: 17 October 2018

Techniques Addressed by Mitigation

Domain	ID	Name	Description
Mobile	T1446	Device Lockout