System Information Discovery

An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, and architecture.

On Android, much of this information is programmatically accessible to applications through the android.os.Build class[1].

On iOS, techniques exist for applications to programmatically access this information[2].

ID: T1426

Tactic Type:  Post-Adversary Device Access

Tactic: Discovery

Platform:  Android, iOS

Version: 1.1



ANDROIDOS_ANSERVER.A gathers the device OS version.[3]


Most KeyRaider samples search to find the Apple account's username, password and device's GUID in data being transferred.[4]

Pegasus for iOS

Pegasus for iOS monitors the victim for status and disables other access to the phone by other jailbreaking software.[5]


RuMMS gathers device model and operating system version information and transmits it to a command and control server.[6]