216.73.217.22

T1630.001: Uninstall Malicious Application

View on MITRE ATT&CK The MITRE Corporation · Published 17/12/2025 22:47 · Modified 27/03/2026 01:41

Essential information

MITRE technique ID
T1630.001
Confidence
100/100
Revoked
No
Published
17/12/2025 22:47
Modified
27/03/2026 01:41
Author / Source
The MITRE Corporation

Platforms

android

Description

Adversaries may include functionality in malware that uninstalls the malicious application from the device. This can be achieved by: * Abusing device owner permissions to perform silent uninstallation using device owner API calls. * Abusing root permissions to delete files from the filesystem. * Abusing the accessibility service. This requires sending an intent to the system to request uninstallation, and then abusing the accessibility service to click the proper places on the screen to confirm uninstallation.

Kill chain phases

Kill chainPhase
mitre-mobile-attack defense-evasion

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.