Abuse Device Administrator Access to Prevent Removal
A malicious application can request Device Administrator privileges. If the user grants the privileges, the application can take steps to make its removal more difficult.
|Mitigation|Description|
|---|---|
|Application Vetting|It is rare for applications to utilize Device Administrator access. App vetting can detect apps that do so, and those apps should be closely scrutinized. Maggi and Zanero describe a static analysis approach that can be used to identify ransomware apps, including apps that abuse Device Administrator access.|
|Caution with Device Administrator Access||
|Use Recent OS Version|Changes were made in Android 7 to help prevent use of this technique.|
The device user can view a list of apps with Device Administrator privilege in the device settings.