Hide Artifacts

Adversaries may attempt to hide artifacts associated with their behaviors to evade detection. Mobile operating systems have features and developer APIs to hide various artifacts, such as an application’s launcher icon. These APIs have legitimate usages, such as hiding an icon to avoid application drawer clutter when an application does not have a usable interface. Adversaries may abuse these features and APIs to hide artifacts from the user to evade detection.

ID: T1628
Sub-techniques:  T1628.001, T1628.002
Tactic Type: Post-Adversary Device Access
Tactic: Defense Evasion
Platforms: Android
Version: 1.0
Created: 30 March 2022
Last Modified: 08 April 2022


This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.


The user can examine the list of all installed applications in the device settings. Application vetting services could potentially detect the usage of APIs intended for artifact hiding.