Device Type Discovery

On Android, device type information is accessible to apps through the android.os.Build class [1]. Device information could be used to target privilege escalation exploits.

ID: T1419

Tactic Type: Post-Adversary Device Access

Tactic: Discovery

Platform: Android

Version: 1.0

Mitigations

Mitigation Description
Application Vetting

App vetting procedures can search for apps that use the android.os.Build class, but these procedures could potentially be evaded and are likely not practical in this case, as many apps are likely to use this functionality as part of their legitimate behavior.
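The vetting check described above, sketched as an added example that is not part of the original page: it scans decompiled smali for static reads of android.os.Build fields. The smali fragments, app names, and function names are constructed for illustration; note that the benign sample is flagged alongside the data-collecting one, which is the practicality problem the mitigation text points out.

```python
import re
from collections import Counter

# Static field reads (sget, sget-object, ...) on android.os.Build or a nested
# class such as Build$VERSION, as they appear in decompiled smali.
BUILD_REF = re.compile(
    r"\bsget(?:-\w+)?\s+\w+,\s*Landroid/os/Build(?:\$(\w+))?;->(\w+):"
)

# Constructed smali fragments standing in for three decompiled apps.
SAMPLES = {
    "crash_reporter": """
        sget-object v0, Landroid/os/Build;->MODEL:Ljava/lang/String;
        sget v1, Landroid/os/Build$VERSION;->SDK_INT:I
    """,
    "device_profiler": """
        sget-object v0, Landroid/os/Build;->MANUFACTURER:Ljava/lang/String;
        sget-object v1, Landroid/os/Build;->MODEL:Ljava/lang/String;
        sget-object v2, Landroid/os/Build$VERSION;->RELEASE:Ljava/lang/String;
        sget v3, Landroid/os/Build$VERSION;->SDK_INT:I
    """,
    "calculator": """
        const-string v0, "result"
        invoke-virtual {p0, v0}, Lcom/example/Calc;->show(Ljava/lang/String;)V
    """,
}


def build_fields(smali: str) -> Counter:
    """Count Build field reads, keyed like 'Build.MODEL' or 'Build.VERSION.SDK_INT'."""
    hits = Counter()
    for nested, field in BUILD_REF.findall(smali):
        owner = f"Build.{nested}" if nested else "Build"
        hits[f"{owner}.{field}"] += 1
    return hits


def vet(apps: dict) -> dict:
    """Map each app name to the sorted list of Build fields it reads."""
    return {name: sorted(build_fields(src)) for name, src in apps.items()}


if __name__ == "__main__":
    for name, fields in vet(SAMPLES).items():
        verdict = "FLAG" if fields else "clean"
        print(f"{name}: {verdict} {fields}")
```
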

Examples

Name Description
Android/Chuli.A

Android/Chuli.A gathered device data including phone number, OS version, phone model, and SDK version.[2]

ANDROIDOS_ANSERVER.A

ANDROIDOS_ANSERVER.A gathers the device build version, manufacturer, and model.[3]

RedDrop

RedDrop exfiltrates details of the victim device operating system and manufacturer.[4]

References