Possible bypass of user interaction requirements in checkOperation of AppOpsService.java leading to local information disclosure

Possible bypass of user interaction requirements in checkOperation of AppOpsService.java leading to local information disclosure

CVE-2019-2220 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-138636979

Learn more about our Cis Benchmark Audit For Google Android.