Device Type Discovery

On Android, device type information is accessible to apps through the android.os.Build class [1]. Device information could be used to target privilege escalation exploits.

ID: T1419

Tactic Type: Post-Adversary Device Access

Tactic: Discovery

Platform: Android

Version: 1.0

Mitigations

Mitigation | Description

Application Vetting

App vetting procedures can search for apps that use the android.os.Build class, but these procedures could potentially be evaded and are likely not practical in this case, as many apps are likely to use this functionality as part of their legitimate behavior.

Examples

Name | Description

Android/Chuli.A

Android/Chuli.A gathered device data including phone number, OS version, phone model, and SDK version.[2]

ANDROIDOS_ANSERVER.A

ANDROIDOS_ANSERVER.A gathers the device build version, manufacturer, and model.[3]

RedDrop

RedDrop exfiltrates details of the victim device operating system and manufacturer.[4]

References