Device threats

Development settings enabled

Availability

Added in: TDM v1
Available in: Professional

Detects within the Settings app that the Development options have been enabled.

Options:

Ignore
Log
Notification (default)
Lock screen
Stun device (sets lock screen password to the current administrator password)
Wipe device

Presets:

Preset	Value	Reference
DISA STIG	Notification	(not specified)
NCSC	Notification	(not specified)
Xewli	Notification

Device rooted

Availability

Added in: TDM v1
Available in: Professional

Detects evidence that the device has been rooted.

Options:

Ignore
Log
Notification (default)
Lock screen
Stun device (sets lock screen password to the current administrator password)
Wipe device

Presets:

Preset	Value	Reference
DISA STIG	Notification	(not specified)
NCSC	Notification	(not specified)
Xewli	Notification

Google Play Protect disabled

Availability

Added in: TDM v1
Available in: Professional

Detects when Google Play Protect has been disabled. Google Play Protect verifies application installs.

Options:

Ignore
Log
Notification (default)
Lock screen
Stun device (sets lock screen password to the current administrator password)
Wipe device

Presets:

Preset	Value	Reference
DISA STIG	Notification	(not specified)
NCSC	Notification	(not specified)
Xewli	Notification

HTTP Proxy enabled

Availability

Added in: TDM v1
Available in: Professional

Detects when an HTTP Proxy has been enabled. Configuring an HTTP Proxy will redirect HTTP traffic to a third-party server which could monitor all requests.

Options:

Ignore
Log
Notification (default)
Lock screen
Stun device (sets lock screen password to the current administrator password)
Wipe device

Presets:

Preset	Value	Reference
DISA STIG	Notification	(not specified)
NCSC	Notification	(not specified)
Xewli	Notification

SELinux disabled

Availability

Added in: TDM v1
Available in: Professional

Detects when SELinux for Android has been disabled. SELinux is a Mandatory Access Control (MAC) mechanism used to reinforce the application sandbox and protect the operating system.

Options:

Ignore
Log
Notification (default)
Lock screen
Stun device (sets lock screen password to the current administrator password)
Wipe device

Presets:

Preset	Value	Reference
DISA STIG	Notification	(not specified)
NCSC	Notification	(not specified)
Xewli	Notification

USB debugging enabled

Availability

Added in: TDM v1
Available in: Professional

Detects that USB debugging has been enabled. USB debugging gives a host computer access to files and sensitive logs, and can be used to push malicious applications to the device.

Options:

Ignore
Log
Notification (default)
Lock screen
Stun device (sets lock screen password to the current administrator password)
Wipe device

Presets:

Preset	Value	Reference
DISA STIG	Notification	(not specified)
NCSC	Notification	(not specified)
Xewli	Notification

App installs over USB unverified

Availability

Added in: TDM v1
Available in: Professional

Detects when the device is configured to allow unverified application installations from a host computer. This could be used to install malicious applications.

Options:

Ignore
Log
Notification (default)
Lock screen
Stun device (sets lock screen password to the current administrator password)
Wipe device

Presets:

Preset	Value	Reference
DISA STIG	Notification	(not specified)
NCSC	Notification	(not specified)
Xewli	Notification

Device attestation failed

Availability

Added in: TDM v1
Available in: Professional

Detects when the device’s operating system integrity has been compromised (say, the bootloader is unlocked or the operating system was not provided by the device’s manufacturer)

Warning

Device attestation is performed using Google services and requires Internet access.

Options:

Ignore
Log
Notification (default)
Lock screen
Stun device (sets lock screen password to the current administrator password)
Wipe device

Presets:

Preset	Value	Reference
DISA STIG	Notification	(not specified)
NCSC	Notification	(not specified)
Xewli	Notification