Accounts - T1636.005 (337e1136-a6d3-4465-a5c5-fdc658117747)
Adversaries may utilize standard operating system APIs to gather account data. On Android, this can be accomplished by using the AccountManager API. For example, adversaries may use the getAccounts() method to list all accounts.(Citation: Android_AccountManager_Feb2025) On iOS, this can be accomplished by using the Keychain services.
If the device has been jailbroken or rooted, adversaries may be able to access Accounts without the users’ knowledge or approval.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Protected User Data - T1636 (11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e) | Attack Pattern | Accounts - T1636.005 (337e1136-a6d3-4465-a5c5-fdc658117747) | Attack Pattern | 1 |