File and Directory Discovery

On Android, command line tools or the Java file APIs can be used to enumerate file system contents. However, Linux file permissions and SELinux policies generally strongly restrict what can be accessed by apps (without taking advantage of a privilege escalation exploit). The contents of the external storage directory are generally visible, which could present concern if sensitive data is inappropriately stored there.

iOS's security architecture generally restricts the ability to perform file and directory discovery without use of escalated privileges.

ID: T1420

Tactic Type:  Post-Adversary Device Access

Tactic: Discovery

Platform:  Android

Version: 1.0


Use Recent OS VersionIncrease difficulty of escalating privileges, as security architecture improvements in each new version of Android and iOS make it more difficult to escalate privileges. Additionally, newer versions of Android have strengthened the sandboxing applied to applications, restricting their ability to enumerate file system contents.