System Network Connections Discovery

On Android, applications can use standard APIs to gather a list of network connections to and from the device. For example, the Network Connections app available in the Google Play Store [1] advertises this functionality.

ID: T1421
Sub-techniques:  No sub-techniques
Tactic Type: Post-Adversary Device Access
Tactic: Discovery
Platforms: Android
Version: 2.0
Created: 25 October 2017
Last Modified: 01 February 2019


ID Mitigation Description
M1005 Application Vetting

During application vetting, applications could be examined to see if they have this behavior, and extra scrutiny could potentially be given to applications that do.