System Network Connections Discovery

On Android, applications can use standard APIs to gather a list of network connections to and from the device. For example, the Network Connections app available in the Google Play Store [1] advertises this functionality.

ID: T1421

Tactic Type:  Post-Adversary Device Access

Tactic: Discovery

Platform:  Android

Version: 2.0

Mitigations

MitigationDescription
Application VettingDuring application vetting, applications could be examined to see if they have this behavior, and extra scrutiny could potentially be given to applications that do.

Examples

NameDescription
ANDROIDOS_ANSERVER.A

ANDROIDOS_ANSERVER.A gathers the device IMEI and IMSI.[2]

References