Missing Permission Check in getLine1NumberForDisplay of PhoneInterfaceManager.java Allows App Installation Detection and Local Information Disclosure

Missing Permission Check in getLine1NumberForDisplay of PhoneInterfaceManager.java Allows App Installation Detection and Local Information Disclosure

CVE-2021-1034 · LOW Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

In getLine1NumberForDisplay of PhoneInterfaceManager.java, there is apossible way to determine whether an app is installed, without querypermissions due to a missing permission check. This could lead to localinformation disclosure with no additional execution privileges needed. Userinteraction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193441322

Learn more about our Cis Benchmark Audit For Google Android.