Missing Permission Check in getLine1NumberForDisplay of PhoneInterfaceManager.java Allows App Installation Detection and Local Information Disclosure
CVE-2021-1034 · LOW Severity
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
In getLine1NumberForDisplay of PhoneInterfaceManager.java, there is apossible way to determine whether an app is installed, without querypermissions due to a missing permission check. This could lead to localinformation disclosure with no additional execution privileges needed. Userinteraction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-193441322
Learn more about our Cis Benchmark Audit For Google Android.