A variety of methods exist that can be used to enable enterprises to identify compromised (e.g. rooted/jailbroken) devices, whether using security mechanisms built directly into the device, third-party mobile security applications, enterprise mobility management (EMM)/mobile device management (MDM) capabilities, or other methods. Some methods may be trivial to evade while others may be more sophisticated.

ID: M1010

Version: 1.0

Created: 25 October 2017

Last Modified: 17 October 2018

Version Permalink

Live Version

Techniques Addressed by Mitigation

Domain	ID		Name	Use
Mobile	T1446		Device Lockout
Mobile	T1579		Keychain	Mobile security products can potentially detect jailbroken devices and take responsive action.