{"description": "Mobile techniques mitigated by Use Recent OS Version, ATT&CK mitigation M1006 (v1.0)", "name": "Use Recent OS Version (M1006)", "domain": "mobile-attack", "versions": {"layer": "4.5", "attack": "19", "navigator": "5.3.2"}, "techniques": [{"techniqueID": "T1626", "showSubtechniques": true}, {"techniqueID": "T1626.001", "comment": "Changes were introduced in Android 7 to make abuse of device administrator permissions more difficult.(Citation: GoogleIO2016)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1638", "comment": "Recent OS versions have made it more difficult for applications to register as VPN providers. ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1661", "comment": "Android 11 and above implement application hibernation, which can hibernate an application that has not been used for a few months and can reset the application\u2019s permission requests.(Citation: app_hibernation)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1429", "comment": "Android 9 and above restricts access to microphone, camera, and other sensors from background applications.(Citation: Android Capture Sensor 2019) ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1414", "comment": "Android 10 introduced changes to prevent applications from accessing clipboard data if they are not in the foreground or set as the device\u2019s default IME.(Citation: Android 10 Privacy Changes) ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1577", "comment": "Many vulnerabilities related to injecting code into existing applications have been patched in previous Android releases.", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1641", "comment": "Recent OS versions have limited access to certain APIs unless certain conditions are met, making [Data Manipulation](https://attack.mitre.org/techniques/T1641) more difficult", "score": 1, "showSubtechniques": true}, {"techniqueID": "T1641.001", "comment": "Android 10 prevents applications from accessing clipboard data unless the application is on the foreground or is set as the device\u2019s default input method editor (IME).(Citation: Android 10 Privacy Changes)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1407", "comment": "Applications that target Android API level 29 or higher cannot execute native code stored in the application's internal data storage directory, limiting the ability of applications to download and execute native code at runtime. (Citation: Android 10 Execute)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1642", "comment": "Android 7 changed how the Device Administrator password APIs function.", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1624", "comment": "Android 8 introduced additional limitations on the implicit intents that an application can register for.(Citation: Android Changes to System Broadcasts) ", "score": 1, "showSubtechniques": true}, {"techniqueID": "T1624.001", "comment": "Android 8 introduced additional limitations on the implicit intents that an application can register for.(Citation: Android Changes to System Broadcasts)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1627", "comment": "New OS releases frequently contain additional limitations or controls around device location access.", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1627.001", "comment": "New OS releases frequently contain additional limitations or controls around device location access.", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1420", "comment": "Security architecture improvements in each new version of Android and iOS make it more difficult to escalate privileges. Additionally, newer versions of Android have strengthened the sandboxing applied to applications, restricting their ability to enumerate file system contents.", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1628", "showSubtechniques": true}, {"techniqueID": "T1628.001", "comment": "Android 10 introduced changes to prevent malicious applications from fully suppressing their icon in the launcher.(Citation: Android 10 Limitations to Hiding App Icons)(Citation: LauncherApps getActivityList)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1629", "showSubtechniques": true}, {"techniqueID": "T1629.001", "comment": "Recent versions of Android modified how device administrator applications are uninstalled, making it easier for the user to remove them.", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1629.002", "comment": "Recent versions of Android modified how device administrator applications are uninstalled, making it easier for the user to remove them. Android 7 introduced updates that revoke standard device administrators\u2019 ability to reset the device\u2019s passcode.", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1417", "comment": "The `HIDE_OVERLAY_WINDOWS` permission was introduced in Android 12 allowing apps to hide overlay windows of type `TYPE_APPLICATION_OVERLAY` drawn by other apps with the `SYSTEM_ALERT_WINDOW` permission, preventing other applications from creating overlay windows on top of the current application.(Citation: Android 12 Features)", "score": 1, "showSubtechniques": true}, {"techniqueID": "T1417.002", "comment": "The `HIDE_OVERLAY_WINDOWS` permission was introduced in Android 12 allowing apps to hide overlay windows of type `TYPE_APPLICATION_OVERLAY` drawn by other apps with the `SYSTEM_ALERT_WINDOW` permission, preventing other applications from creating overlay windows on top of the current application.(Citation: Android 12 Features)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1430", "comment": "On Android 11 and up, users are not prompted with the option to select \u201cAllow all the time\u201d and must navigate to the settings page to manually select this option. On iOS 14 and up, users can select whether to provide Precise Location for each installed application. ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1424", "comment": "Android 7 and later iOS versions introduced changes that prevent applications from performing Process Discovery without elevated privileges.  ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1636", "comment": "OS feature updates often enhance security and privacy around permissions. ", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1636.005", "comment": "OS feature updates often enhance security and privacy around permissions. ", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1458", "comment": "iOS 11.4.1 and higher introduce USB Restricted Mode, which disables data access through the device's charging port under certain conditions (making the port only usable for power), likely preventing this technique from working.(Citation: Elcomsoft-iOSRestricted)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1418", "comment": "Android 11 introduced privacy enhancements to package visibility, filtering results that are returned from the package manager. iOS 12 removed the private API that could previously be used to list installed applications on non-app store applications.(Citation: Android Package Visibility)", "score": 1, "showSubtechniques": true}, {"techniqueID": "T1418.001", "comment": "Android 11 introduced privacy enhancements to package visibility, filtering results that are returned from the package manager. iOS 12 removed the private API that could previously be used to list installed applications on non-app store applications.(Citation: Android Package Visibility)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1635", "comment": "iOS 11 introduced a first-come-first-served principle for URIs, allowing only the prior installed app to be launched via the URI.(Citation: Trend Micro iOS URL Hijacking) Android 6 introduced App Links.", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1635.001", "comment": "iOS 11 introduced a first-come-first-served principle for URIs, allowing only the prior installed app to be launched via the URI.(Citation: Trend Micro iOS URL Hijacking) Android 6 introduced App Links.", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1409", "comment": "Android 9 introduced a new security policy that prevents applications from reading or writing data to other applications\u2019 internal storage directories, regardless of permissions. ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1632", "comment": "Mobile OSes have implemented measures to make it more difficult to trick users into installing untrusted certificates and configurations. iOS 10.3 and higher add an additional step for users to install new trusted CA certificates and configuration profiles. On Android, apps that target compatibility with Android 7 and higher (API Level 24) default to only trusting CA certificates that are bundled with the operating system, not CA certificates that are added by the user or administrator, hence decreasing their susceptibility to successful adversary-in-the-middle attack.(Citation: Symantec-iOSProfile2)(Citation: Android-TrustedCA)", "score": 1, "showSubtechniques": true}, {"techniqueID": "T1632.001", "comment": "Mobile OSes have implemented measures to make it more difficult to trick users into installing untrusted certificates and configurations. iOS 10.3 and higher add an additional step for users to install new trusted CA certificates and configuration profiles. On Android, apps that target compatibility with Android 7 and higher (API Level 24) default to only trusting CA certificates that are bundled with the operating system, not CA certificates that are added by the user or administrator, hence decreasing their susceptibility to successful adversary-in-the-middle attack.(Citation: Symantec-iOSProfile2)(Citation: Android-TrustedCA)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1422", "comment": "Android 10 introduced changes that prevent normal applications from accessing sensitive device identifiers.(Citation: TelephonyManager) ", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1422.002", "comment": "Android 10 introduced changes that prevent normal applications from accessing sensitive device identifiers.(Citation: TelephonyManager) ", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1512", "comment": "Android 9 and above restricts access to the mic, camera, and other device sensors from applications running in the background. iOS 14 and Android 12 introduced a visual indicator on the status bar (green dot) when an application is accessing the device\u2019s camera.(Citation: Android Capture Sensor 2019)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "mitigated by Use Recent OS Version", "color": "#66b1ff"}]}