Abuse Device Administrator Access to Prevent Removal
A malicious application can request Device Administrator privileges. If the user grants the privileges, the application can take steps to make its removal more difficult.
Procedure Examples
Name | Description |
---|---|
Mandrake | Mandrake can abuse device administrator permissions to ensure that it cannot be uninstalled until its permissions are revoked.[1] |
Marcher | |
OBAD | OBAD abuses device administrator access to make it more difficult for users to remove the application.[3] |
XLoader for Android | XLoader for Android requests Android Device Administrator access.[4] |
Mitigations
Mitigation | Description |
---|---|
Application Vetting | It is rare for applications to utilize Device Administrator access. App vetting can detect apps that do so, and those apps should be closely scrutinized. A static analysis approach can be used to identify ransomware apps including apps that abuse Device Administrator access.[5] |
Caution with Device Administrator Access | |
Use Recent OS Version | Changes were made in Android 7 to help prevent use of this technique.[6] |
Detection
The device user can view a list of apps with Device Administrator privilege in the device settings.
References
1. R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.
2. Proofpoint. (2017, November 3). Credential phishing and an Android banking Trojan combine in Austrian mobile attacks. Retrieved July 6, 2018.
3. Veo Zhang. (2013, June 13). Cybercriminals Improve Android Malware Stealth Routines with OBAD. Retrieved December 9, 2016.
4. Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018.
5. Federico Maggi and Stefano Zanero. (2016). Pocket-Sized Badness - Why Ransomware Comes as a Plot Twist in the Cat-Mouse Game. Retrieved December 21, 2016.
6. Adrian Ludwig. (2016, May 19). What's new in Android security (M and N Version). Retrieved December 9, 2016.